From 03515881176fddba919e3592e0a41cbc9806fdb8 Mon Sep 17 00:00:00 2001
From: Mason Daugherty
Date: Fri, 27 Mar 2026 15:24:11 -0400
Subject: [PATCH] chore: harden language in ci (#36314)

---
 .github/workflows/pr_labeler.yml | 3 ++-
 .github/workflows/require_issue_link.yml | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pr_labeler.yml b/.github/workflows/pr_labeler.yml
index 50edec08cc9..0870f1673de 100644
--- a/.github/workflows/pr_labeler.yml
+++ b/.github/workflows/pr_labeler.yml
@@ -27,7 +27,8 @@ name: "🏷️ PR Labeler"
 on:
   # Safe since we're not checking out or running the PR's code.
-  # Never check out the PR's head in a pull_request_target job.
+  # NEVER CHECK OUT UNTRUSTED CODE FROM A PR's HEAD IN A pull_request_target JOB.
+  # Doing so would allow attackers to execute arbitrary code in the context of your repository.
   pull_request_target:
     types: [opened, synchronize, reopened, edited]
 
diff --git a/.github/workflows/require_issue_link.yml b/.github/workflows/require_issue_link.yml
index 5f43033aca4..cb300e8f72b 100644
--- a/.github/workflows/require_issue_link.yml
+++ b/.github/workflows/require_issue_link.yml
@@ -13,6 +13,8 @@ name: Require Issue Link
 on:
   pull_request_target:
+    # NEVER CHECK OUT UNTRUSTED CODE FROM A PR's HEAD IN A pull_request_target JOB.
+    # Doing so would allow attackers to execute arbitrary code in the context of your repository.
     types: [edited, reopened, labeled, unlabeled]
 
   # ──────────────────────────────────────────────────────────────────────────────
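Review bot: The new comment in both hunks (pr_labeler.yml and require_issue_link.yml) names checkout as the only hazard, but under pull_request_target the PR's metadata is untrusted too, and the retained line "Safe since we're not checking out or running the PR's code" is a claim about steps that lie outside this hunk, so it cannot be verified here. Both workflows listen on `edited` (and the labeler on `synchronize`), so a contributor-controlled title, body or branch name reaches the job; the comment should say that such values must never be interpolated into `run:` or `script:` blocks and should instead be passed through `env:` and read as a shell variable. I would extend the comment with `# Also treat PR title/body/branch as untrusted input: pass them via env:, never interpolate ${{ github.event.pull_request.* }} into run: steps.` in both files. The placement also differs between the files — above `pull_request_target:` in pr_labeler.yml but under it, above `types:`, in require_issue_link.yml — and the mixed-case "PR's" inside an otherwise all-caps line is a style nit; aligning both would keep the warning greppable.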