From 1e574fc47136192c44e5ff4ef12651d9f64332c0 Mon Sep 17 00:00:00 2001
From: Joshua Snyder
Date: Tue, 25 Nov 2025 09:50:16 +0000
Subject: [PATCH 1/3] Change PR auditor trigger from pull_request_target to pull_request

---
 .github/workflows/pr-auditor.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr-auditor.yml b/.github/workflows/pr-auditor.yml
index 3fe422331..3b81cd146 100644
--- a/.github/workflows/pr-auditor.yml
+++ b/.github/workflows/pr-auditor.yml
@@ -1,7 +1,7 @@
 # See https://docs.sourcegraph.com/dev/background-information/ci#pr-auditor
 name: pr-auditor
 on:
-  pull_request_target:
+  pull_request:
     types: [ closed, edited, opened, synchronize, ready_for_review ]
 
 jobs:

From 4c9250d3832c74df9648f365fa5176783e4f6d32 Mon Sep 17 00:00:00 2001
From: Joshua Snyder
Date: Tue, 25 Nov 2025 09:50:46 +0000
Subject: [PATCH 2/3] Delete .github/workflows/pr-auditor.yml

---
 .github/workflows/pr-auditor.yml | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/pr-auditor.yml

diff --git a/.github/workflows/pr-auditor.yml b/.github/workflows/pr-auditor.yml
deleted file mode 100644
index 3b81cd146..000000000
--- a/.github/workflows/pr-auditor.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# See https://docs.sourcegraph.com/dev/background-information/ci#pr-auditor
-name: pr-auditor
-on:
-  pull_request:
-    types: [ closed, edited, opened, synchronize, ready_for_review ]
-
-jobs:
-  check-pr:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-        with: { repository: 'sourcegraph/sourcegraph' }
-      - uses: actions/setup-go@v2
-        with: { go-version: '1.18' }
-
-      - run: ./dev/pr-auditor/check-pr.sh
-        env:
-          GITHUB_EVENT_PATH: ${{ env.GITHUB_EVENT_PATH }}
-          GITHUB_TOKEN: ${{ secrets.CODENOTIFY_GITHUB_TOKEN }}
-          GITHUB_RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

From 122713f47b24a7a7e71723e5b9176938c38bf95e Mon Sep 17 00:00:00 2001
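Review bot: Switching `on:` to `pull_request` removes the secret the rest of this file depends on for forked PRs: a `pull_request` run triggered from a fork receives no repository secrets and a read-only `GITHUB_TOKEN`, so the `GITHUB_TOKEN: ${{ secrets.CODENOTIFY_GITHUB_TOKEN }}` on the `run` step (outside this hunk, visible in the later deletion of the same file) will be empty there and `check-pr.sh` presumably cannot report its result. The direction of the change is the safer one, since `pull_request_target` gave an event-driven run a write-capable token while it consumed untrusted PR metadata through `GITHUB_EVENT_PATH`, but the hunk leaves the fork case silently broken rather than documented. Either guard the step with `if: github.event.pull_request.head.repo.full_name == github.repository` or record the intent in the header comment, e.g. `# Runs on pull_request (no secrets for fork PRs) instead of pull_request_target; fork PRs are intentionally not audited.` The `on:` mapping continues past the end of the hunk.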
From: Joshua Snyder
Date: Tue, 25 Nov 2025 14:21:32 +0000
Subject: [PATCH 3/3] block worfklow name

---
 .github/workflows/pr-auditor.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/workflows/pr-auditor.yml

diff --git a/.github/workflows/pr-auditor.yml b/.github/workflows/pr-auditor.yml
new file mode 100644
index 000000000..cfd3d091e
--- /dev/null
+++ b/.github/workflows/pr-auditor.yml
@@ -0,0 +1,25 @@
+# � SECURITY PLACEHOLDER - DO NOT USE THIS WORKFLOW NAME �
+#
+# This workflow previously existed and was compromised. This placeholder file
+# exists to allow blocking this workflow name in GitHub's branch protection rules.
+#
+# This prevents anyone from:
+# 1. Using a cached/previous version of a workflow with this name
+# 2. Re-creating a malicious workflow using this known-compromised name
+#
+# If you need to create a similar workflow, please use a
+# different name
+
+name: "[BLOCKED] Workflow name placeholder"
+
+on:
+  workflow_dispatch:
+
+jobs:
+  blocked:
+    runs-on: ubuntu-latest
+    steps:
+      - name: This workflow is blocked
+        run: |
+          echo "� A workflow with this name was previously compromised and is now blocked."
+          exit 1
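Review bot: The placeholder workflow declares no `permissions:` block, so a manual `workflow_dispatch` run of the `blocked` job still receives the repository's default `GITHUB_TOKEN` grant; for a job whose only purpose is `exit 1`, add `permissions: {}` at the top level so the token carries no scopes at all. The header comment says "this workflow name" is blocked, yet the `name:` it sets is `[BLOCKED] Workflow name placeholder` rather than the previous `pr-auditor`, so which identifier the branch-protection rule is keyed on (the file path, the `name:` value, or the `blocked` job's check name) is not stated; a line such as `# Blocked identifier: <workflow/check name as configured in branch protection>` would make the intent verifiable. The `�` characters on the first comment line and inside the `echo` string look like replacement characters for a non-ASCII glyph lost in transit; check the committed bytes, and prefer plain ASCII in the `echo` so the message renders identically in every log viewer.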