Security: Fix 4 findings in GitHub Actions workflows

[jpr5]

Security: 4 findings across 2 rules

Fixed (deterministic, no AI)

shell-injection-expr — What is this?

• tags_yaml_branch_pr_processing.yaml line 51: Attacker-controllable expression ${{ github.event.pull_request.head.ref }} in run: block — shell injection risk

Requires manual review

dangerous-triggers — What is this?

• labeler.yaml line 22: pull_request_target + checkout of PR head — fork code runs with base repo secrets
  • Fix: Use pull_request trigger instead, or don't checkout PR head code
• tags_yaml_branch_pr_processing.yaml line 24: pull_request_target + checkout of PR head — fork code runs with base repo secrets
  • Fix: Use pull_request trigger instead, or don't checkout PR head code
• tags_yaml_fork_pr_processing.yaml line 27: pull_request_target + checkout of PR head — fork code runs with base repo secrets
  • Fix: Use pull_request trigger instead, or don't checkout PR head code

How this was detected

This finding was identified by deterministic pattern matching — no AI or machine learning was used in the detection. Sentinel uses static analysis rules that match known-vulnerable YAML patterns against a database of documented exploit vectors. Every finding maps to a specific, reproducible pattern. Source code is open for inspection.

---

_{🛡️ This PR was generated by Sentinel, an open-source security scanner. Why this PR? · Free, no tracking}

✅ Add Sentinel to this repo · 🚫 Opt out of future PRs

[mfahlandt]

Hey @jpr5

Thank you for your PR. Unfortunately, we need to close and decline your PR.
All PRs towards CNCF and CNCF project repos need to include a Signed-off-by https://github.com/cncf/toc/pull/2166/checks?check_run_id=76586600958.

Also, you are using an automation towards a repository before raising a public discussion about the topic, and your opt-out link seems not to work.

You are welcome to reopen the PR manually with a signed-off commit without advertisement to tooling. Thank you for understanding.