From bc61dc55704e2d5704760f3cdab0d09acf16e4ca Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Fri, 13 Feb 2026 01:41:16 +0600
Subject: [PATCH] Merge commit from fork

---
 action.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/action.yaml b/action.yaml
index 86e2c31..8a57925 100644
--- a/action.yaml
+++ b/action.yaml
@@ -183,9 +183,10 @@ runs:
           local input_value="$2"
           local default_value="$3"
         
-          if [ ! -z "$input_value" ] && [ "$input_value" != "$default_value" ]; then
+          if [ -n "$input_value" ] && [ "$input_value" != "$default_value" ]; then
             # If action was provided with explicit input by the caller set that
-            echo "export $var_name=$input_value" >> trivy_envs.txt
+            # Use printf %q to safely escape special characters and prevent command injection
+            printf 'export %s=%q\n' "$var_name" "$input_value" >> trivy_envs.txt
           fi
         }