- Permission Checks: Before executing core logic, the action verifies if the triggering user (
github.context.actor) haswriteoradminpermissions for the repository. - Sensitive Information Masking: Any occurrences of the provided
github-tokenandopenai-api-keywithin the output posted to GitHub are automatically masked (replaced with***) to prevent accidental exposure.