
Worked on the github/codeql repository to enhance security documentation, focusing on the risks associated with untrusted code checkouts in GitHub Workflows. Developed detailed guidance in Markdown to clarify how a workflow that checks out pull-request code and then runs the scripts declared in its package.json file (for example through a package install step) can compromise repository integrity. Emphasized best practices for workflow configuration, helping developers understand and mitigate potential vulnerabilities related to script execution. The work aligned documentation with established security standards, supporting safer automation practices. Leveraged skills in documentation and security to improve developer awareness and reduce exposure to workflow-based threats, contributing to a more robust and secure development environment within the repository.
August 2025 monthly summary for github/codeql: Delivered security-focused documentation clarifying risks of untrusted code checkouts in GitHub Workflows, with emphasis on preventing script execution from package.json in PRs and mitigating potential repository compromise. This work enhances developer awareness, guides safe workflow practices, and aligns with security best practices across the repository.
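As an added illustration of the workflow pattern described above, and not code taken from the github/codeql repository or from the documentation summarized here: a constructed pull_request_target workflow that checks out untrusted pull-request code into a job that holds repository secrets and then runs npm install, which executes the preinstall/postinstall scripts from the pull request's package.json, followed by a hardened variant. Workflow names, the NPM_TOKEN secret, and the exact steps are assumptions chosen for illustration.

```yaml
# Constructed example (not from the page or the project).
# Document 1: the weak pattern. pull_request_target runs in the base
# repository's context, so the job has the repository's secrets and a
# write-capable GITHUB_TOKEN, yet it checks out the PR head commit and
# runs npm install. npm install executes lifecycle scripts (preinstall,
# install, postinstall, prepare) declared in the checked-out package.json,
# so a contributor can run arbitrary code with access to those secrets.
name: ci-vulnerable
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Overrides the default base-branch checkout with untrusted PR code.
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install          # runs PR-controlled scripts with NPM_TOKEN in scope
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}   # assumed secret name
---
# Document 2: the hardened pattern. Use the pull_request event, which runs
# in the fork's context with a read-only token and without repository
# secrets, grant only the permissions the job needs, and install without
# executing lifecycle scripts. Any privileged step (publishing, labelling)
# belongs in a separate workflow that never checks out PR code.
name: ci-hardened
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - run: npm ci --ignore-scripts    # dependencies only, no package.json scripts
      - run: npm test                   # PR code still runs, but without secrets
```

The check a reviewer applies to an existing workflow is the combination in the first document: a privileged trigger (pull_request_target, workflow_run, or issue_comment) together with a checkout of a ref derived from the pull request and a step that executes code from that checkout. If the privileged trigger is genuinely needed, keep the checkout at the base branch and pass only data, never code, from the pull request into the privileged job.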
