From 0946142dae053ea9ad5fe566b6eceaa9d0a27460 Mon Sep 17 00:00:00 2001 From: Cory Miller <13227161+cory-miller@users.noreply.github.com> Date: Fri, 12 Aug 2022 12:52:00 -0400 Subject: [PATCH] Add warning about delimiter injection (#29882) --- .../using-workflows/workflow-commands-for-github-actions.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/actions/using-workflows/workflow-commands-for-github-actions.md b/content/actions/using-workflows/workflow-commands-for-github-actions.md index 22bd6c8815..c86943284f 100644 --- a/content/actions/using-workflows/workflow-commands-for-github-actions.md +++ b/content/actions/using-workflows/workflow-commands-for-github-actions.md @@ -628,6 +628,12 @@ For multiline strings, you may use a delimiter with the following syntax. {delimiter} ``` +{% warning %} + +**Warning:** Make sure the delimiter you're using is randomly generated and unique for each run. For more information, see "[Understanding the risk of script injections](/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections)". + +{% endwarning %} + #### Example This example uses `EOF` as a delimiter, and sets the `JSON_RESPONSE` environment variable to the value of the `curl` response.
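Review bot: The added warning block sits directly above the unchanged "#### Example" context, which still reads "This example uses `EOF` as a delimiter", so the page tells readers to use a randomly generated, per-run delimiter and then immediately demonstrates a fixed, guessable one. Consider updating that example in the same change so it generates its delimiter at run time, or at least stating there that `EOF` is only safe when the value written is fully trusted. The warning text also does not say what goes wrong: one sentence explaining that a value containing the delimiter on its own line ends the multiline value early, so the lines after it are parsed as further entries, would make the risk concrete, since the linked "Understanding the risk of script injections" section is a general reference rather than one specific to delimiters.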