False Positive Validation - github.event.head_commit.id contains non-numeric characters #16799
Description
I have followed the Quick Start guide to add the Daily Status Report to my repository (Guide here: https://github.github.com/gh-aw/setup/quick-start/)
But when the workflow runs I get an error:
Error: Context variable validation failed!
Found 1 malicious or invalid numeric field(s):
- github.event.head_commit.id: "6d99836347ec1ac0263be4c53349b7827f67969a"
github.event.head_commit.id contains non-numeric characters: "6d99836347ec1ac0263be4c53349b7827f67969a"
Numeric context variables (like github.event.issue.number) must be either empty or valid integers.
This validation prevents injection attacks where special text or code is hidden in numeric fields.
This is a false positive because the commit hash is expected to have non-numeric characters