
During August 2025, p- contributed to the github/codeql repository by developing security-focused documentation aimed at clarifying the risks associated with untrusted code checkouts in GitHub Workflows. Their work detailed how executing scripts from a package.json file in pull requests could compromise repository integrity, providing guidance to mitigate such vulnerabilities. Using Markdown and leveraging expertise in documentation and security, p- aligned the repository’s workflow practices with established security standards. The documentation enhanced developer awareness of potential attack vectors and offered actionable recommendations for safer workflow configurations. This contribution addressed a specific security concern and improved the overall safety of the repository’s processes.

August 2025 monthly summary for github/codeql: Delivered security-focused documentation clarifying risks of untrusted code checkouts in GitHub Workflows, with emphasis on preventing script execution from package.json in PRs and mitigating potential repository compromise. This work enhances developer awareness, guides safe workflow practices, and aligns with security best practices across the repository.
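The workflow pattern the summary refers to is worth seeing concretely. The following pair of GitHub Actions workflows is an added illustration written for this page; it is not the documentation p- authored and not a file from the github/codeql repository. Workflow names, the job layout and the npm commands are assumptions chosen to show the risk (a privileged trigger combined with a checkout of the pull request's own commit and an install step that runs package.json lifecycle scripts) beside one hardened configuration.

```yaml
# Added example (not from github/codeql): "before" and "after" workflows for the
# untrusted-checkout risk. Names, paths and commands are assumptions.

# BEFORE (risky): pull_request_target runs in the context of the base repository,
# so the GITHUB_TOKEN is write-scoped and repository secrets are available. The
# job then checks out the PR author's head commit and runs `npm install`, which
# executes any preinstall/postinstall scripts declared in the PR's package.json
# with those privileges.
name: ci-risky
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # untrusted code
      - run: npm install   # lifecycle scripts from the untrusted package.json run here
---
# AFTER (hardened): use the pull_request trigger (read-only token for forks, no
# secrets), declare least-privilege permissions explicitly, and install without
# executing lifecycle scripts so the PR's package.json cannot run code on its own.
name: ci-hardened
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4       # still untrusted code, but unprivileged context
      - run: npm ci --ignore-scripts     # dependencies only; no preinstall/postinstall hooks
      - run: npm test
```

The two changes that matter are the trigger and the install flags: `pull_request` keeps fork contributions away from secrets and write tokens, and `--ignore-scripts` removes the package.json script hook as an execution path. If a job genuinely needs `pull_request_target` (for example to label PRs), the check to apply is that it never checks out or executes the PR's code.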