clerk · jacekradko · Jun 16, 2026
diff --git a/.changeset/sdk-79-template-injection-fixes.md b/.changeset/sdk-79-template-injection-fixes.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -39,10 +39,14 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Check User Permission
         if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository && steps.checkAccess.outputs.require-result == 'false' }}
+        env:
+          TRIGGERING_ACTOR: ${{ github.triggering_actor }}
+          USER_PERMISSION: ${{ steps.checkAccess.outputs.user-permission }}
+          ACTOR: ${{ github.actor }}
         run: |
-          echo "${{ github.triggering_actor }} does not have permissions on this repo."
-          echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
-          echo "Job originally triggered by ${{ github.actor }}"
+          echo "$TRIGGERING_ACTOR does not have permissions on this repo."
+          echo "Current permission level is $USER_PERMISSION"
+          echo "Job originally triggered by $ACTOR"
           exit 1
 
   pre-checks:
@@ -84,8 +88,10 @@ jobs:
 
       - name: Require Changeset
         if: ${{ github.event_name != 'merge_group' && github.event.pull_request.draft == false }}
+        env:
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
         run: |
-          if [[ "${{ github.event.pull_request.user.login }}" = "clerk-cookie" || "${{ github.event.pull_request.user.login }}" = "renovate[bot]" ]]; then
+          if [[ "$PR_AUTHOR" = "clerk-cookie" || "$PR_AUTHOR" = "renovate[bot]" ]]; then
             echo 'Skipping';
             exit 0;
           else

diff --git a/.github/workflows/e2e-staging.yml b/.github/workflows/e2e-staging.yml
@@ -30,7 +30,6 @@ on:
 
 permissions:
   contents: read
-  actions: write
 
 concurrency:
   # Key on the clerk_go commit being validated rather than the (effectively always "main")

diff --git a/.github/workflows/labeler-apply.yml b/.github/workflows/labeler-apply.yml
@@ -8,7 +8,12 @@ name: Labeler (apply)
 # trigger while preserving fork-PR labeling (SDK-80).
 
 on:
-  workflow_run:
+  # Privileged trigger, intentionally: this is the trusted half of the labeler
+  # handshake and never runs PR-controlled code. The apply job validates the
+  # artifact PR number against the trigger run's head_sha and head repository
+  # before using it (see the Resolve-and-verify step below and SDK-80). zizmor's
+  # dangerous-triggers audit can't see that guard, so suppress it here.
+  workflow_run: # zizmor: ignore[dangerous-triggers]
     workflows: [Labeler]
     types:
       - completed