During October 2025, Orbisai focused on security hardening for CI/CD and development environments across the lfnovo/open-notebook and toeverything/AFFiNE repositories. They addressed a shell-injection vulnerability in GitHub Actions workflows by improving secret handling and environment variable management using Shell and YAML, reducing the risk of unauthorized code execution during builds. In AFFiNE, Orbisai enhanced container security by enabling the no-new-privileges flag in Docker development containers, mitigating privilege escalation risks. Their work demonstrated a strong grasp of DevOps, containerization, and security best practices, delivering targeted, auditable improvements that strengthened the security posture and reliability of automated release workflows.