Merge pull request #2 from github-samples/prompt-injection-attack-callout

Jeffrey-Luszcz · web-flow · commit c416469e28e9 · 2025-07-28T15:34:59.000-04:00
Prompt injection attack callout in readme
diff --git a/README.md b/README.md
@@ -8,6 +8,10 @@ This repository contains a collection of [GitHub Actions](https://github.com/fea
 | [Bug Reproduction Check](/workflows/bug-reproduction-check/bug-reproduction-check.yml) | Comments with request for better reproduction details, if needed. | @phazonoverload |
 | [Add Merged PR to Changelog](/workflows/add-merged-pr-to-changelog/add-merged-pr-to-changelog.yml) | Appends a summary of a merged pull request to an issue. | @phazonoverload |
 
+> [!IMPORTANT]  
+> Whenever workflows explicitly accept user input, a malicious actor could open an issue, pull request, or discussion instructing a model to do something you don't want. By carefully writing prompts and providing minimum permissions, you can help mitigate these risks.
+
+
 ## License 
 
 This project is licensed under the terms of the MIT open source license. Please refer to [MIT](./LICENSE) for the full terms.
@@ -18,4 +22,4 @@ See maintainers in the [CODEOWNERS](https://github.com/github-samples/models-in-
 
 ## Support
 
-Our team will try their best to respond to issues and pull requests in a timely manner. However, please note that this is an open source project and support may be limited.
+Our team will try their best to respond to issues and pull requests in a timely manner. However, please note that this is an open source project and support may be limited.
