Description
Script injection is possible, which can allow a bad actor to harvest secrets. This is not a huge problem on a hosted runner as they are ephemeral, but best practice should be used to prevent it.
I have sanitized inputs but bash isn't my strong area, so I'm looking for an auditor to improve security.