Prevent command injection by passing untrusted GitHub context values
(workflow_run.name and workflow_run.head_branch) through environment
variables instead of direct shell interpolation.
The vulnerability allowed malicious branch names with shell metacharacters
like $() to execute arbitrary commands. Now these values are safely passed
as environment variables which prevents shell expansion.
Fixes: HIGH severity command injection vulnerability on lines 66-67, 92
4d8da13da9