SEC: Fix GitHub workflow vulnerable to script injection (#2787)

SEC: Fix GitHub workflow vulnerable to script injection (#2787) #122