This PR avoids running malicious inputs as shell commands in the GitHub Actions.
Although these input values are entered by devs who have access to this repo, which means it's almost unlikely to be vulnerable to such attacks, it would be better to fix it.
Checks:
[x] Does your code follow the WordPress coding standards?
[ ] Have you written new tests for your changes, as applicable?
[ ] Have you successfully run tests with your changes locally?
[x] Have you checked to ensure there aren't other open Pull Requests for the same update/change?
Changes proposed in this Pull Request:
This PR avoids running malicious inputs as shell commands in the GitHub Actions.
Although these input values are entered by devs who have access to this repo, which means it's almost unlikely to be vulnerable to such attacks, it would be better to fix it.
Checks:
Detailed test instructions:
Changelog entry