Lower-severity items from the pre-public security audit (none exploitable in the current model — defense-in-depth):
- Document that the Action's
modelpin-spec input accepts arbitrary pip specifiers (incl. git+), so it's a trusted input — guide users to pin a release tag.
- Bound/validate the
--fixtures path.
- Cap config-file size to avoid a DoS on a huge
modelpin.yaml.
Lower-severity items from the pre-public security audit (none exploitable in the current model — defense-in-depth):
modelpin-specinput accepts arbitrary pip specifiers (incl.git+), so it's a trusted input — guide users to pin a release tag.--fixturespath.modelpin.yaml.