Clarify comments on input types in workflow_call.yml to enhance understanding of input constraints

tspascoal · tspascoal · commit c9ea8d1f2738 · 2026-04-07T10:41:16.000+01:00
diff --git a/actions/ql/test/query-tests/Security/CWE-094/.github/workflows/workflow_call.yml b/actions/ql/test/query-tests/Security/CWE-094/.github/workflows/workflow_call.yml
@@ -29,12 +29,12 @@ jobs:
         run: |
           echo "${{ inputs.title }}"
 
-      # Not vulnerable: number input (not a string type)
+      # Not vulnerable: number input constrained by GitHub to numeric values
       - name: safe number input
         run: |
           echo "${{ inputs.count }}"
 
-      # Not vulnerable: boolean input (not a string type)
+      # Not vulnerable: boolean input constrained by GitHub to true/false values
       - name: safe boolean input
         run: |
           echo "${{ inputs.flag }}"
