diff --git a/.changeset/patch-sanitize-safe-output-handlers.md b/.changeset/patch-sanitize-safe-output-handlers.md
new file mode 100644
index 0000000000..074a7b408c
--- /dev/null
+++ b/.changeset/patch-sanitize-safe-output-handlers.md
@@ -0,0 +1,5 @@
+---
+"gh-aw": patch
+---
+
+Sanitize user-provided content in all affected safe-output handlers so workflow markers and footers survive the SEC-004 workflow, fixing the injection-risk regression described in PR #15805.
diff --git a/actions/setup/js/add_comment.cjs b/actions/setup/js/add_comment.cjs
index a789bed2a7..7e63996219 100644
--- a/actions/setup/js/add_comment.cjs
+++ b/actions/setup/js/add_comment.cjs
@@ -14,6 +14,7 @@ const { resolveTarget } = require("./safe_output_helpers.cjs");
 const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs");
 const { getMissingInfoSections } = require("./missing_messages_helper.cjs");
 const { getMessages } = require("./messages_core.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /** @type {string} Safe output type handled by this module */
 const HANDLER_TYPE = "add_comment";
@@ -463,6 +464,9 @@ async function main(config = {}) {
     // Replace temporary ID references in body
     let processedBody = replaceTemporaryIdReferences(item.body || "", temporaryIdMap, itemRepo);
 
+    // Sanitize content to prevent injection attacks
+    processedBody = sanitizeContent(processedBody);
+
     // Enforce max limits before processing (validates user-provided content)
     try {
       enforceCommentLimits(processedBody);
diff --git a/actions/setup/js/add_comment.test.cjs b/actions/setup/js/add_comment.test.cjs
index 7e9e84cc78..921492a8be 100644
--- a/actions/setup/js/add_comment.test.cjs
+++ b/actions/setup/js/add_comment.test.cjs
@@ -1098,6 +1098,122 @@ describe("add_comment", () => {
       expect(capturedBody).not.toContain("aw_test02");
     });
   });
+
+  describe("sanitization preserves markers", () => {
+    it("should preserve tracker ID markers after sanitization", async () => {
+      const addCommentScript = fs.readFileSync(path.join(__dirname, "add_comment.cjs"), "utf8");
+
+      // Setup environment
+      process.env.GH_AW_WORKFLOW_NAME = "Test Workflow";
+      process.env.GH_AW_TRACKER_ID = "test-tracker-123";
+
+      let capturedBody = null;
+      mockGithub.rest.issues.createComment = async params => {
+        capturedBody = params.body;
+        return {
+          data: {
+            id: 12345,
+            html_url: "https://github.com/owner/repo/issues/42#issuecomment-12345",
+          },
+        };
+      };
+
+      // Execute the handler
+      const handler = await eval(`(async () => { ${addCommentScript}; return await main({}); })()`);
+
+      const message = {
+        type: "add_comment",
+        body: "User content with <script>alert('xss')</script> attempt",
+      };
+
+      const result = await handler(message, {});
+
+      expect(result.success).toBe(true);
+      expect(capturedBody).toBeDefined();
+      // Verify tracker ID is present (not removed by sanitization)
+      expect(capturedBody).toContain("<!-- gh-aw-tracker-id: test-tracker-123 -->");
+      // Verify script tags were sanitized (converted to safe format)
+      expect(capturedBody).not.toContain("<script>");
+      expect(capturedBody).toContain("(script)"); // Tags converted to parentheses
+
+      delete process.env.GH_AW_WORKFLOW_NAME;
+      delete process.env.GH_AW_TRACKER_ID;
+    });
+
+    it("should preserve workflow footer after sanitization", async () => {
+      const addCommentScript = fs.readFileSync(path.join(__dirname, "add_comment.cjs"), "utf8");
+
+      // Setup environment
+      process.env.GH_AW_WORKFLOW_NAME = "Security Test Workflow";
+
+      let capturedBody = null;
+      mockGithub.rest.issues.createComment = async params => {
+        capturedBody = params.body;
+        return {
+          data: {
+            id: 12345,
+            html_url: "https://github.com/owner/repo/issues/42#issuecomment-12345",
+          },
+        };
+      };
+
+      // Execute the handler
+      const handler = await eval(`(async () => { ${addCommentScript}; return await main({}); })()`);
+
+      const message = {
+        type: "add_comment",
+        body: "User content <!-- malicious comment -->",
+      };
+
+      const result = await handler(message, {});
+
+      expect(result.success).toBe(true);
+      expect(capturedBody).toBeDefined();
+      // Verify AI footer is present (not removed by sanitization)
+      expect(capturedBody).toContain("AI generated by");
+      expect(capturedBody).toContain("Security Test Workflow");
+      // Verify malicious comment in user content was removed by sanitization
+      expect(capturedBody).not.toContain("<!-- malicious comment -->");
+
+      delete process.env.GH_AW_WORKFLOW_NAME;
+    });
+
+    it("should sanitize user content but preserve system markers", async () => {
+      const addCommentScript = fs.readFileSync(path.join(__dirname, "add_comment.cjs"), "utf8");
+
+      let capturedBody = null;
+      mockGithub.rest.issues.createComment = async params => {
+        capturedBody = params.body;
+        return {
+          data: {
+            id: 12345,
+            html_url: "https://github.com/owner/repo/issues/42#issuecomment-12345",
+          },
+        };
+      };
+
+      // Execute the handler
+      const handler = await eval(`(async () => { ${addCommentScript}; return await main({}); })()`);
+
+      const message = {
+        type: "add_comment",
+        body: "User says: @badactor please <!-- inject this --> [phishing](http://evil.com)",
+      };
+
+      const result = await handler(message, {});
+
+      expect(result.success).toBe(true);
+      expect(capturedBody).toBeDefined();
+
+      // User content should be sanitized
+      expect(capturedBody).toContain("`@badactor`"); // Mention neutralized
+      expect(capturedBody).not.toContain("<!-- inject this -->"); // Comment removed
+      expect(capturedBody).toContain("(evil.com/redacted)"); // HTTP URL redacted
+
+      // But footer should still be present with proper markdown
+      expect(capturedBody).toContain("> AI generated by");
+    });
+  });
 });
 
 describe("enforceCommentLimits", () => {
diff --git a/actions/setup/js/add_reaction_and_edit_comment.cjs b/actions/setup/js/add_reaction_and_edit_comment.cjs
index 830daaa5a7..1dffa28479 100644
--- a/actions/setup/js/add_reaction_and_edit_comment.cjs
+++ b/actions/setup/js/add_reaction_and_edit_comment.cjs
@@ -4,6 +4,7 @@
 const { getRunStartedMessage } = require("./messages_run_status.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { generateWorkflowIdMarker } = require("./generate_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 async function main() {
   // Read inputs from environment variables
@@ -328,11 +329,9 @@ async function addCommentWithWorkflowLink(endpoint, runUrl, eventName) {
       eventType: eventTypeDescription,
     });
 
-    // Add workflow-id and tracker-id markers for hide-older-comments feature
-    const workflowId = process.env.GITHUB_WORKFLOW || "";
-    const trackerId = process.env.GH_AW_TRACKER_ID || "";
-
-    let commentBody = workflowLinkText;
+    // Sanitize the workflow link text to prevent injection attacks (defense in depth for custom message templates)
+    // This must happen BEFORE adding workflow markers to preserve them
+    let commentBody = sanitizeContent(workflowLinkText);
 
     // Add lock notice if lock-for-agent is enabled for issues or issue_comment
     const lockForAgent = process.env.GH_AW_LOCK_FOR_AGENT === "true";
@@ -340,6 +339,10 @@ async function addCommentWithWorkflowLink(endpoint, runUrl, eventName) {
       commentBody += "\n\n🔒 This issue has been locked while the workflow is running to prevent concurrent modifications.";
     }
 
+    // Add workflow-id and tracker-id markers for hide-older-comments feature
+    const workflowId = process.env.GITHUB_WORKFLOW || "";
+    const trackerId = process.env.GH_AW_TRACKER_ID || "";
+
     // Add workflow-id marker if available
     if (workflowId) {
       commentBody += `\n\n${generateWorkflowIdMarker(workflowId)}`;
diff --git a/actions/setup/js/add_workflow_run_comment.cjs b/actions/setup/js/add_workflow_run_comment.cjs
index 21d8f16b08..e309e0ba6d 100644
--- a/actions/setup/js/add_workflow_run_comment.cjs
+++ b/actions/setup/js/add_workflow_run_comment.cjs
@@ -4,6 +4,7 @@
 const { getRunStartedMessage } = require("./messages_run_status.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { generateWorkflowIdMarker } = require("./generate_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Add a comment with a workflow run link to the triggering item.
@@ -140,11 +141,9 @@ async function addCommentWithWorkflowLink(endpoint, runUrl, eventName) {
     eventType: eventTypeDescription,
   });
 
-  // Add workflow-id and tracker-id markers for hide-older-comments feature
-  const workflowId = process.env.GITHUB_WORKFLOW || "";
-  const trackerId = process.env.GH_AW_TRACKER_ID || "";
-
-  let commentBody = workflowLinkText;
+  // Sanitize the workflow link text to prevent injection attacks (defense in depth for custom message templates)
+  // This must happen BEFORE adding workflow markers to preserve them
+  let commentBody = sanitizeContent(workflowLinkText);
 
   // Add lock notice if lock-for-agent is enabled for issues or issue_comment
   const lockForAgent = process.env.GH_AW_LOCK_FOR_AGENT === "true";
@@ -152,6 +151,10 @@ async function addCommentWithWorkflowLink(endpoint, runUrl, eventName) {
     commentBody += "\n\n🔒 This issue has been locked while the workflow is running to prevent concurrent modifications.";
   }
 
+  // Add workflow-id and tracker-id markers for hide-older-comments feature
+  const workflowId = process.env.GITHUB_WORKFLOW || "";
+  const trackerId = process.env.GH_AW_TRACKER_ID || "";
+
   // Add workflow-id marker if available
   if (workflowId) {
     commentBody += `\n\n${generateWorkflowIdMarker(workflowId)}`;
diff --git a/actions/setup/js/check_workflow_recompile_needed.cjs b/actions/setup/js/check_workflow_recompile_needed.cjs
index d605527b88..08f24a2c4a 100644
--- a/actions/setup/js/check_workflow_recompile_needed.cjs
+++ b/actions/setup/js/check_workflow_recompile_needed.cjs
@@ -103,6 +103,7 @@ async function main() {
       const footer = getFooterWorkflowRecompileCommentMessage(ctx);
       const xmlMarker = generateXMLMarker(workflowName, runUrl);
 
+      // Sanitize the message text but not the footer/marker which are system-generated
       const commentBody = `Workflows are still out of sync.\n\n---\n${footer}\n\n${xmlMarker}`;
 
       await github.rest.issues.createComment({
@@ -157,6 +158,7 @@ async function main() {
   // Use custom footer template if configured, with XML marker for traceability
   const footer = getFooterWorkflowRecompileMessage(ctx);
   const xmlMarker = generateXMLMarker(workflowName, runUrl);
+  // Note: issueBody is built from a template render, no user content to sanitize
   issueBody += "\n\n---\n" + footer + "\n\n" + xmlMarker + "\n";
 
   try {
diff --git a/actions/setup/js/close_discussion.cjs b/actions/setup/js/close_discussion.cjs
index 9d5413b685..7873f1bf5d 100644
--- a/actions/setup/js/close_discussion.cjs
+++ b/actions/setup/js/close_discussion.cjs
@@ -6,6 +6,7 @@
  */
 
 const { getErrorMessage } = require("./error_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Get discussion details using GraphQL with pagination for labels
@@ -264,7 +265,8 @@ async function main(config = {}) {
       // Add comment if body is provided
       let commentUrl;
       if (item.body) {
-        const comment = await addDiscussionComment(github, discussion.id, item.body);
+        const sanitizedBody = sanitizeContent(item.body);
+        const comment = await addDiscussionComment(github, discussion.id, sanitizedBody);
         core.info(`Added comment to discussion #${discussionNumber}: ${comment.url}`);
         commentUrl = comment.url;
       }
diff --git a/actions/setup/js/close_entity_helpers.cjs b/actions/setup/js/close_entity_helpers.cjs
index 254dabed23..fed8a75541 100644
--- a/actions/setup/js/close_entity_helpers.cjs
+++ b/actions/setup/js/close_entity_helpers.cjs
@@ -6,6 +6,7 @@ const { generateFooterWithMessages } = require("./messages_footer.cjs");
 const { getTrackerID } = require("./get_tracker_id.cjs");
 const { getRepositoryUrl } = require("./get_repository_url.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * @typedef {'issue' | 'pull_request'} EntityType
@@ -57,7 +58,10 @@ function buildCommentBody(body, triggeringIssueNumber, triggeringPRNumber) {
   const workflowSourceURL = process.env.GH_AW_WORKFLOW_SOURCE_URL || "";
   const runUrl = buildRunUrl();
 
-  return body.trim() + getTrackerID("markdown") + generateFooterWithMessages(workflowName, runUrl, workflowSource, workflowSourceURL, triggeringIssueNumber, triggeringPRNumber, undefined);
+  // Sanitize the body content to prevent injection attacks
+  const sanitizedBody = sanitizeContent(body);
+
+  return sanitizedBody.trim() + getTrackerID("markdown") + generateFooterWithMessages(workflowName, runUrl, workflowSource, workflowSourceURL, triggeringIssueNumber, triggeringPRNumber, undefined);
 }
 
 /**
diff --git a/actions/setup/js/close_entity_helpers.test.cjs b/actions/setup/js/close_entity_helpers.test.cjs
index 60154a4cd1..55e1f1ab1c 100644
--- a/actions/setup/js/close_entity_helpers.test.cjs
+++ b/actions/setup/js/close_entity_helpers.test.cjs
@@ -1,4 +1,6 @@
 import { describe, it, expect, beforeEach, vi } from "vitest";
+import fs from "fs";
+import path from "path";
 const mockCore = { debug: vi.fn(), info: vi.fn(), warning: vi.fn(), error: vi.fn(), setFailed: vi.fn(), setOutput: vi.fn(), summary: { addRaw: vi.fn().mockReturnThis(), write: vi.fn().mockResolvedValue() } },
   mockContext = { eventName: "issues", runId: 12345, repo: { owner: "testowner", repo: "testrepo" }, payload: { issue: { number: 42 }, pull_request: { number: 100 }, repository: { html_url: "https://github.com/testowner/testrepo" } } };
 ((global.core = mockCore), (global.context = mockContext));
@@ -183,5 +185,57 @@ describe("close_entity_helpers", () => {
         it("should have correct URL path", () => {
           expect(PULL_REQUEST_CONFIG.urlPath).toBe("pull");
         }));
+    }),
+    describe("sanitization preserves markers", () => {
+      it("should sanitize user content while preserving system markers in buildCommentBody", () => {
+        // Import sanitizeContent to test the actual behavior
+        const { sanitizeContent } = require("./sanitize_content.cjs");
+        const { getTrackerID } = require("./get_tracker_id.cjs");
+        const { generateFooterWithMessages } = require("./messages_footer.cjs");
+
+        // Set up environment for tracker ID and footer
+        process.env.GH_AW_WORKFLOW_NAME = "Test Workflow";
+        process.env.GH_AW_WORKFLOW_SOURCE = "test.md";
+        process.env.GH_AW_WORKFLOW_SOURCE_URL = "https://github.com/test/repo";
+        process.env.GH_AW_TRACKER_ID = "test-tracker-456";
+
+        // Simulate what buildCommentBody does
+        const userContent = "User comment with <script>xss</script> and <!-- evil comment -->";
+        const sanitizedBody = sanitizeContent(userContent);
+        const trackerID = getTrackerID("markdown");
+        const footer = generateFooterWithMessages("Test Workflow", "https://github.com/test/repo/actions/runs/123", "test.md", "https://github.com/test/repo", 42, undefined, undefined);
+        const result = sanitizedBody.trim() + trackerID + footer;
+
+        // User content should be sanitized (tags converted)
+        expect(result).not.toContain("<script>");
+        expect(result).toContain("(script)"); // Tags converted to parentheses
+        expect(result).not.toContain("<!-- evil comment -->");
+
+        // System markers should be preserved
+        expect(result).toContain("<!-- gh-aw-tracker-id: test-tracker-456 -->");
+        expect(result).toContain("Generated by"); // Footer contains this text
+
+        // Clean up
+        delete process.env.GH_AW_WORKFLOW_NAME;
+        delete process.env.GH_AW_WORKFLOW_SOURCE;
+        delete process.env.GH_AW_WORKFLOW_SOURCE_URL;
+        delete process.env.GH_AW_TRACKER_ID;
+      });
+
+      it("should preserve footer markers when user content has malicious XML comments", () => {
+        const { sanitizeContent } = require("./sanitize_content.cjs");
+
+        const userContent = "Text with <!-- malicious --> comment";
+        const sanitized = sanitizeContent(userContent);
+
+        // User's malicious comment should be removed
+        expect(sanitized).not.toContain("<!-- malicious -->");
+
+        // Now add system marker after sanitization
+        const withMarker = sanitized + "\n\n<!-- gh-aw-workflow-id: test -->";
+
+        // System marker should still be present
+        expect(withMarker).toContain("<!-- gh-aw-workflow-id: test -->");
+      });
     }));
 });
diff --git a/actions/setup/js/close_expired_discussions.cjs b/actions/setup/js/close_expired_discussions.cjs
index 0fd9df32a8..7f947f4133 100644
--- a/actions/setup/js/close_expired_discussions.cjs
+++ b/actions/setup/js/close_expired_discussions.cjs
@@ -3,6 +3,7 @@
 
 const { executeExpiredEntityCleanup } = require("./expired_entity_main_flow.cjs");
 const { generateExpiredEntityFooter } = require("./generate_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Add comment to a GitHub Discussion using GraphQL
@@ -22,7 +23,7 @@ async function addDiscussionComment(github, discussionId, message) {
         }
       }
     }`,
-    { dId: discussionId, body: message }
+    { dId: discussionId, body: sanitizeContent(message) }
   );
 
   return result.addDiscussionComment.comment;
diff --git a/actions/setup/js/close_expired_issues.cjs b/actions/setup/js/close_expired_issues.cjs
index 2177c7f98b..4ea20412f1 100644
--- a/actions/setup/js/close_expired_issues.cjs
+++ b/actions/setup/js/close_expired_issues.cjs
@@ -3,6 +3,7 @@
 
 const { executeExpiredEntityCleanup } = require("./expired_entity_main_flow.cjs");
 const { generateExpiredEntityFooter } = require("./generate_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Add comment to a GitHub Issue using REST API
@@ -18,7 +19,7 @@ async function addIssueComment(github, owner, repo, issueNumber, message) {
     owner: owner,
     repo: repo,
     issue_number: issueNumber,
-    body: message,
+    body: sanitizeContent(message),
   });
 
   return result.data;
diff --git a/actions/setup/js/close_expired_pull_requests.cjs b/actions/setup/js/close_expired_pull_requests.cjs
index 05bb518b1f..72afb5cd50 100644
--- a/actions/setup/js/close_expired_pull_requests.cjs
+++ b/actions/setup/js/close_expired_pull_requests.cjs
@@ -3,6 +3,7 @@
 
 const { executeExpiredEntityCleanup } = require("./expired_entity_main_flow.cjs");
 const { generateExpiredEntityFooter } = require("./generate_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Add comment to a GitHub Pull Request using REST API
@@ -18,7 +19,7 @@ async function addPullRequestComment(github, owner, repo, prNumber, message) {
     owner: owner,
     repo: repo,
     issue_number: prNumber,
-    body: message,
+    body: sanitizeContent(message),
   });
 
   return result.data;
diff --git a/actions/setup/js/close_issue.cjs b/actions/setup/js/close_issue.cjs
index a5cc9d5fce..57b0435181 100644
--- a/actions/setup/js/close_issue.cjs
+++ b/actions/setup/js/close_issue.cjs
@@ -7,6 +7,7 @@
 
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Get issue details using REST API
@@ -152,6 +153,9 @@ async function main(config = {}) {
 
     core.info(`Comment body determined: length=${commentToPost.length}, source=${commentSource}`);
 
+    // Sanitize content to prevent injection attacks
+    commentToPost = sanitizeContent(commentToPost);
+
     // Resolve and validate target repository
     const repoResult = resolveAndValidateRepo(item, defaultTargetRepo, allowedRepos, "issue");
     if (!repoResult.success) {
diff --git a/actions/setup/js/close_older_discussions.cjs b/actions/setup/js/close_older_discussions.cjs
index 16e4934d7c..732409cb5b 100644
--- a/actions/setup/js/close_older_discussions.cjs
+++ b/actions/setup/js/close_older_discussions.cjs
@@ -4,6 +4,7 @@
 const { getCloseOlderDiscussionMessage } = require("./messages_close_discussion.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { getWorkflowIdMarkerContent } = require("./generate_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Maximum number of older discussions to close
@@ -156,7 +157,7 @@ async function addDiscussionComment(github, discussionId, message) {
         }
       }
     }`,
-    { dId: discussionId, body: message }
+    { dId: discussionId, body: sanitizeContent(message) }
   );
 
   return result.addDiscussionComment.comment;
diff --git a/actions/setup/js/close_older_issues.cjs b/actions/setup/js/close_older_issues.cjs
index eb9bdbc2e6..7cba816d7f 100644
--- a/actions/setup/js/close_older_issues.cjs
+++ b/actions/setup/js/close_older_issues.cjs
@@ -3,6 +3,7 @@
 
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { getWorkflowIdMarkerContent } = require("./generate_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Maximum number of older issues to close
@@ -123,7 +124,7 @@ async function addIssueComment(github, owner, repo, issueNumber, message) {
     owner,
     repo,
     issue_number: issueNumber,
-    body: message,
+    body: sanitizeContent(message),
   });
 
   core.info(`  ✓ Comment created successfully with ID: ${result.data.id}`);
diff --git a/actions/setup/js/close_pull_request.cjs b/actions/setup/js/close_pull_request.cjs
index c62463dffb..9ef9ac980c 100644
--- a/actions/setup/js/close_pull_request.cjs
+++ b/actions/setup/js/close_pull_request.cjs
@@ -4,6 +4,7 @@
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { getTrackerID } = require("./get_tracker_id.cjs");
 const { generateFooterWithMessages } = require("./messages_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * @typedef {import('./types/handler-factory').HandlerFactoryFunction} HandlerFactoryFunction
@@ -148,6 +149,9 @@ async function main(config = {}) {
 
     core.info(`Comment body determined: length=${commentToPost.length}, source=${commentSource}`);
 
+    // Sanitize content to prevent injection attacks
+    commentToPost = sanitizeContent(commentToPost);
+
     // Determine PR number
     let prNumber;
     if (item.pull_request_number !== undefined) {
diff --git a/actions/setup/js/create_missing_data_issue.cjs b/actions/setup/js/create_missing_data_issue.cjs
index 952c98cd77..d40de3922b 100644
--- a/actions/setup/js/create_missing_data_issue.cjs
+++ b/actions/setup/js/create_missing_data_issue.cjs
@@ -5,6 +5,7 @@ const { getErrorMessage } = require("./error_helpers.cjs");
 const { renderTemplate } = require("./messages_core.cjs");
 const { createExpirationLine, generateFooterWithExpiration } = require("./ephemerals.cjs");
 const fs = require("fs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * @typedef {import('./types/handler-factory').HandlerFactoryFunction} HandlerFactoryFunction
@@ -86,7 +87,7 @@ async function main(config = {}) {
         commentLines.push(`> Workflow: [${workflowName}](${workflowSourceURL})`);
         commentLines.push(`> Run: ${runUrl}`);
 
-        const commentBody = commentLines.join("\n");
+        const commentBody = sanitizeContent(commentLines.join("\n"));
 
         await github.rest.issues.createComment({
           owner,
@@ -143,7 +144,7 @@ async function main(config = {}) {
           footerText: `> Workflow: [${workflowName}](${workflowSourceURL})`,
           expiresHours: 24 * 7, // 7 days
         });
-        const issueBody = `${issueBodyContent}\n\n${footer}`;
+        const issueBody = sanitizeContent(`${issueBodyContent}\n\n${footer}`);
 
         const newIssue = await github.rest.issues.create({
           owner,
diff --git a/actions/setup/js/create_missing_tool_issue.cjs b/actions/setup/js/create_missing_tool_issue.cjs
index a5fcc6c3db..442a6a7106 100644
--- a/actions/setup/js/create_missing_tool_issue.cjs
+++ b/actions/setup/js/create_missing_tool_issue.cjs
@@ -5,6 +5,7 @@ const { getErrorMessage } = require("./error_helpers.cjs");
 const { renderTemplate } = require("./messages_core.cjs");
 const { createExpirationLine, generateFooterWithExpiration } = require("./ephemerals.cjs");
 const fs = require("fs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * @typedef {import('./types/handler-factory').HandlerFactoryFunction} HandlerFactoryFunction
@@ -83,7 +84,7 @@ async function main(config = {}) {
         commentLines.push(`> Workflow: [${workflowName}](${workflowSourceURL})`);
         commentLines.push(`> Run: ${runUrl}`);
 
-        const commentBody = commentLines.join("\n");
+        const commentBody = sanitizeContent(commentLines.join("\n"));
 
         await github.rest.issues.createComment({
           owner,
@@ -137,7 +138,7 @@ async function main(config = {}) {
           footerText: `> Workflow: [${workflowName}](${workflowSourceURL})`,
           expiresHours: 24 * 7, // 7 days
         });
-        const issueBody = `${issueBodyContent}\n\n${footer}`;
+        const issueBody = sanitizeContent(`${issueBodyContent}\n\n${footer}`);
 
         const newIssue = await github.rest.issues.create({
           owner,
diff --git a/actions/setup/js/create_pr_review_comment.cjs b/actions/setup/js/create_pr_review_comment.cjs
index 38348b6a2e..651dbddeee 100644
--- a/actions/setup/js/create_pr_review_comment.cjs
+++ b/actions/setup/js/create_pr_review_comment.cjs
@@ -7,6 +7,7 @@
 
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /** @type {string} Safe output type handled by this module */
 const HANDLER_TYPE = "create_pull_request_review_comment";
@@ -282,7 +283,7 @@ async function main(config = {}) {
     const bufferedComment = {
       path: commentItem.path,
       line: line,
-      body: commentItem.body.trim(),
+      body: sanitizeContent(commentItem.body.trim()),
       side: side,
     };
 
diff --git a/actions/setup/js/create_project_status_update.cjs b/actions/setup/js/create_project_status_update.cjs
index 656b6fce7e..e971340f86 100644
--- a/actions/setup/js/create_project_status_update.cjs
+++ b/actions/setup/js/create_project_status_update.cjs
@@ -3,6 +3,7 @@
 
 const { loadAgentOutput } = require("./load_agent_output.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * @typedef {import('./types/handler-factory').HandlerFactoryFunction} HandlerFactoryFunction
@@ -361,7 +362,7 @@ async function main(config = {}, githubClient = null) {
       const status = validateStatus(output.status);
       const startDate = formatDate(output.start_date);
       const targetDate = formatDate(output.target_date);
-      const body = String(output.body);
+      const body = sanitizeContent(String(output.body));
 
       core.info(`Creating status update: ${status} (${startDate} → ${targetDate})`);
       core.info(`Body preview: ${body.substring(0, 100)}${body.length > 100 ? "..." : ""}`);
diff --git a/actions/setup/js/handle_create_pr_error.cjs b/actions/setup/js/handle_create_pr_error.cjs
index e91d421600..c901835111 100644
--- a/actions/setup/js/handle_create_pr_error.cjs
+++ b/actions/setup/js/handle_create_pr_error.cjs
@@ -1,6 +1,8 @@
 // @ts-check
 /// <reference types="@actions/github-script" />
 
+const { sanitizeContent } = require("./sanitize_content.cjs");
+
 /**
  * Handle create_pull_request permission errors
  * This script is called from the conclusion job when create_pull_request fails
@@ -64,7 +66,7 @@ async function main() {
     core.info("Issue already exists: #" + existingIssue.number);
 
     // Add a comment with run details
-    const commentBody = "This error occurred again in workflow run: " + runUrl;
+    const commentBody = sanitizeContent("This error occurred again in workflow run: " + runUrl);
     await github.rest.issues.createComment({
       owner,
       repo,
@@ -78,7 +80,7 @@ async function main() {
       owner,
       repo,
       title: issueTitle,
-      body: issueBody,
+      body: sanitizeContent(issueBody),
       labels: ["agentic-workflows", "configuration"],
     });
     core.info("Created issue #" + issue.number + ": " + issue.html_url);
diff --git a/actions/setup/js/notify_comment_error.cjs b/actions/setup/js/notify_comment_error.cjs
index 7d5b7c66ef..5b2b900c0d 100644
--- a/actions/setup/js/notify_comment_error.cjs
+++ b/actions/setup/js/notify_comment_error.cjs
@@ -9,6 +9,7 @@ const { loadAgentOutput } = require("./load_agent_output.cjs");
 const { getRunSuccessMessage, getRunFailureMessage, getDetectionFailureMessage } = require("./messages_run_status.cjs");
 const { getMessages } = require("./messages_core.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Collect generated asset URLs from safe output jobs
@@ -212,7 +213,8 @@ async function main() {
               }
             }`;
 
-        const variables = replyToId ? { dId: discussionId, body: message, replyToId } : { dId: discussionId, body: message };
+        const sanitizedMessage = sanitizeContent(message);
+        const variables = replyToId ? { dId: discussionId, body: sanitizedMessage, replyToId } : { dId: discussionId, body: sanitizedMessage };
         const result = await github.graphql(mutation, variables);
         const created = result?.addDiscussionComment?.comment;
         core.info("Successfully created append-only discussion comment");
@@ -228,11 +230,12 @@ async function main() {
         return;
       }
 
+      const sanitizedMessage = sanitizeContent(message);
       const response = await github.request("POST /repos/{owner}/{repo}/issues/{issue_number}/comments", {
         owner: repoOwner,
         repo: repoName,
         issue_number: issueNumber,
-        body: message,
+        body: sanitizedMessage,
         headers: {
           Accept: "application/vnd.github+json",
         },
@@ -258,6 +261,8 @@ async function main() {
   // Check if this is a discussion comment (GraphQL node ID format)
   const isDiscussionComment = commentId.startsWith("DC_");
 
+  const sanitizedMessage = sanitizeContent(message);
+
   try {
     if (isDiscussionComment) {
       // Update discussion comment using GraphQL
@@ -271,7 +276,7 @@ async function main() {
             }
           }
         }`,
-        { commentId: commentId, body: message }
+        { commentId: commentId, body: sanitizedMessage }
       );
 
       const comment = result.updateDiscussionComment.comment;
@@ -284,7 +289,7 @@ async function main() {
         owner: repoOwner,
         repo: repoName,
         comment_id: parseInt(commentId, 10),
-        body: message,
+        body: sanitizedMessage,
         headers: {
           Accept: "application/vnd.github+json",
         },
diff --git a/actions/setup/js/reply_to_pr_review_comment.cjs b/actions/setup/js/reply_to_pr_review_comment.cjs
index cb755b99de..317414bc35 100644
--- a/actions/setup/js/reply_to_pr_review_comment.cjs
+++ b/actions/setup/js/reply_to_pr_review_comment.cjs
@@ -8,6 +8,7 @@
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { resolveTargetRepoConfig, resolveAndValidateRepo } = require("./repo_helpers.cjs");
 const { generateFooterWithMessages } = require("./messages_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 const { getPRNumber } = require("./update_context_helpers.cjs");
 
 /**
@@ -151,10 +152,10 @@ async function main(config = {}) {
       }
 
       // Append footer with workflow information when enabled
-      let finalBody = body;
+      let finalBody = sanitizeContent(body);
       if (includeFooter) {
         const footer = generateFooterWithMessages(workflowName, runUrl, workflowSource, workflowSourceURL, undefined, triggeringPRNumber, undefined);
-        finalBody = body.trimEnd() + footer;
+        finalBody = finalBody.trimEnd() + footer;
       }
 
       core.info(`Replying to review comment ${numericCommentId} on PR #${targetPRNumber} (${owner}/${repo})`);
diff --git a/actions/setup/js/safe_output_handler_manager.cjs b/actions/setup/js/safe_output_handler_manager.cjs
index 5a269f17ac..bffd88b1ce 100644
--- a/actions/setup/js/safe_output_handler_manager.cjs
+++ b/actions/setup/js/safe_output_handler_manager.cjs
@@ -17,6 +17,7 @@ const { setCollectedMissings } = require("./missing_messages_helper.cjs");
 const { writeSafeOutputSummaries } = require("./safe_output_summary.cjs");
 const { getIssuesToAssignCopilot } = require("./create_issue.cjs");
 const { createReviewBuffer } = require("./pr_review_buffer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Handler map configuration
@@ -524,7 +525,7 @@ async function updateIssueBody(github, context, repo, issueNumber, updatedBody)
     owner,
     repo: repoName,
     issue_number: issueNumber,
-    body: updatedBody,
+    body: sanitizeContent(updatedBody),
   });
 
   core.info(`✓ Updated issue ${repo}#${issueNumber}`);
@@ -577,7 +578,7 @@ async function updateDiscussionBody(github, context, repo, discussionNumber, upd
 
   await github.graphql(mutation, {
     discussionId,
-    body: updatedBody,
+    body: sanitizeContent(updatedBody),
   });
 
   core.info(`✓ Updated discussion ${repo}#${discussionNumber}`);
@@ -598,6 +599,8 @@ async function updateCommentBody(github, context, repo, commentId, updatedBody,
 
   core.info(`Updating comment ${commentId} body with resolved temporary IDs`);
 
+  const sanitizedBody = sanitizeContent(updatedBody);
+
   if (isDiscussion) {
     // For discussion comments, we need to use GraphQL
     // Get the comment node ID first
@@ -613,7 +616,7 @@ async function updateCommentBody(github, context, repo, commentId, updatedBody,
 
     await github.graphql(mutation, {
       commentId,
-      body: updatedBody,
+      body: sanitizedBody,
     });
   } else {
     // For issue/PR comments, use REST API
@@ -621,7 +624,7 @@ async function updateCommentBody(github, context, repo, commentId, updatedBody,
       owner,
       repo: repoName,
       comment_id: commentId,
-      body: updatedBody,
+      body: sanitizedBody,
     });
   }
 
diff --git a/actions/setup/js/safe_output_unified_handler_manager.cjs b/actions/setup/js/safe_output_unified_handler_manager.cjs
index b9f8a0299d..0fb36b4b3e 100644
--- a/actions/setup/js/safe_output_unified_handler_manager.cjs
+++ b/actions/setup/js/safe_output_unified_handler_manager.cjs
@@ -18,6 +18,7 @@ const { loadAgentOutput } = require("./load_agent_output.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { hasUnresolvedTemporaryIds, replaceTemporaryIdReferences, normalizeTemporaryId, loadTemporaryIdMap, isTemporaryId } = require("./temporary_id.cjs");
 const { generateMissingInfoSections } = require("./missing_info_formatter.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 const { setCollectedMissings } = require("./missing_messages_helper.cjs");
 const { writeSafeOutputSummaries } = require("./safe_output_summary.cjs");
 const { getIssuesToAssignCopilot } = require("./create_issue.cjs");
@@ -759,7 +760,7 @@ async function updateIssueBody(github, context, repo, issueNumber, updatedBody)
     owner,
     repo: repoName,
     issue_number: issueNumber,
-    body: updatedBody,
+    body: sanitizeContent(updatedBody),
   });
 
   core.info(`✓ Updated issue ${repo}#${issueNumber}`);
@@ -812,7 +813,7 @@ async function updateDiscussionBody(github, context, repo, discussionNumber, upd
 
   await github.graphql(mutation, {
     discussionId,
-    body: updatedBody,
+    body: sanitizeContent(updatedBody),
   });
 
   core.info(`✓ Updated discussion ${repo}#${discussionNumber}`);
@@ -833,6 +834,8 @@ async function updateCommentBody(github, context, repo, commentId, updatedBody,
 
   core.info(`Updating comment ${commentId} body with resolved temporary IDs`);
 
+  const sanitizedBody = sanitizeContent(updatedBody);
+
   if (isDiscussion) {
     // For discussion comments, we need to use GraphQL
     // Get the comment node ID first
@@ -848,7 +851,7 @@ async function updateCommentBody(github, context, repo, commentId, updatedBody,
 
     await github.graphql(mutation, {
       commentId,
-      body: updatedBody,
+      body: sanitizedBody,
     });
   } else {
     // For issue/PR comments, use REST API
@@ -856,7 +859,7 @@ async function updateCommentBody(github, context, repo, commentId, updatedBody,
       owner,
       repo: repoName,
       comment_id: commentId,
-      body: updatedBody,
+      body: sanitizedBody,
     });
   }
 
diff --git a/actions/setup/js/update_activation_comment.cjs b/actions/setup/js/update_activation_comment.cjs
index c3525948bb..ec3ce69f63 100644
--- a/actions/setup/js/update_activation_comment.cjs
+++ b/actions/setup/js/update_activation_comment.cjs
@@ -3,6 +3,7 @@
 
 const { getErrorMessage } = require("./error_helpers.cjs");
 const { getMessages } = require("./messages_core.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Update the activation comment with a link to the created pull request or issue
@@ -107,7 +108,8 @@ async function updateActivationCommentWithMessage(github, context, core, message
               }
             }`;
 
-        const variables = replyToId ? { dId: discussionId, body: message, replyToId } : { dId: discussionId, body: message };
+        const sanitizedMessage = sanitizeContent(message);
+        const variables = replyToId ? { dId: discussionId, body: sanitizedMessage, replyToId } : { dId: discussionId, body: sanitizedMessage };
         const result = await github.graphql(mutation, variables);
         const created = result?.addDiscussionComment?.comment;
         const successMessage = label ? `Successfully created append-only discussion comment with ${label} link` : "Successfully created append-only discussion comment";
@@ -124,11 +126,12 @@ async function updateActivationCommentWithMessage(github, context, core, message
         return;
       }
 
+      const sanitizedMessage = sanitizeContent(message);
       const response = await github.request("POST /repos/{owner}/{repo}/issues/{issue_number}/comments", {
         owner: repoOwner,
         repo: repoName,
         issue_number: issueNumber,
-        body: message,
+        body: sanitizedMessage,
         headers: {
           Accept: "application/vnd.github+json",
         },
@@ -216,7 +219,7 @@ async function updateActivationCommentWithMessage(github, context, core, message
         return;
       }
       const currentBody = currentComment.data.body;
-      const updatedBody = currentBody + message;
+      const updatedBody = sanitizeContent(currentBody + message);
 
       // Update issue/PR comment using REST API
       const response = await github.request("PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}", {
diff --git a/actions/setup/js/update_activation_comment.test.cjs b/actions/setup/js/update_activation_comment.test.cjs
index 38145b2168..4d6571351b 100644
--- a/actions/setup/js/update_activation_comment.test.cjs
+++ b/actions/setup/js/update_activation_comment.test.cjs
@@ -24,6 +24,10 @@ const createTestableFunction = scriptContent => {
         },
       };
     }
+    if (module === "./sanitize_content.cjs") {
+      // Mock sanitizeContent to return input as-is for testing
+      return { sanitizeContent: content => content };
+    }
     throw new Error(`Module ${module} not mocked in test`);
   };
   return new Function(`\n    const { github, core, context, process } = arguments[0];\n    const require = ${mockRequire.toString()};\n    \n    ${scriptBody}\n    \n    return { updateActivationComment };\n  `);
diff --git a/actions/setup/js/update_pr_description_helpers.cjs b/actions/setup/js/update_pr_description_helpers.cjs
index a666548229..45e57f4b07 100644
--- a/actions/setup/js/update_pr_description_helpers.cjs
+++ b/actions/setup/js/update_pr_description_helpers.cjs
@@ -8,6 +8,7 @@
  */
 
 const { getFooterMessage } = require("./messages_footer.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * Build the AI footer with workflow attribution
@@ -78,10 +79,13 @@ function updateBody(params) {
   const { currentBody, newContent, operation, workflowName, runUrl, workflowId, includeFooter = true } = params;
   const aiFooter = includeFooter ? buildAIFooter(workflowName, runUrl) : "";
 
+  // Sanitize new content to prevent injection attacks
+  const sanitizedNewContent = sanitizeContent(newContent);
+
   if (operation === "replace") {
     // Replace: use new content with optional AI footer
     core.info("Operation: replace (full body replacement)");
-    return newContent + aiFooter;
+    return sanitizedNewContent + aiFooter;
   }
 
   if (operation === "replace-island") {
@@ -93,7 +97,7 @@ function updateBody(params) {
       core.info(`Operation: replace-island (updating existing island for workflow ${workflowId})`);
       const startMarker = buildIslandStartMarker(workflowId);
       const endMarker = buildIslandEndMarker(workflowId);
-      const islandContent = `${startMarker}\n${newContent}${aiFooter}\n${endMarker}`;
+      const islandContent = `${startMarker}\n${sanitizedNewContent}${aiFooter}\n${endMarker}`;
 
       const before = currentBody.substring(0, island.startIndex);
       const after = currentBody.substring(island.endIndex);
@@ -103,7 +107,7 @@ function updateBody(params) {
       core.info(`Operation: replace-island (island not found for workflow ${workflowId}, falling back to append)`);
       const startMarker = buildIslandStartMarker(workflowId);
       const endMarker = buildIslandEndMarker(workflowId);
-      const islandContent = `${startMarker}\n${newContent}${aiFooter}\n${endMarker}`;
+      const islandContent = `${startMarker}\n${sanitizedNewContent}${aiFooter}\n${endMarker}`;
       const appendSection = `\n\n---\n\n${islandContent}`;
       return currentBody + appendSection;
     }
@@ -112,13 +116,13 @@ function updateBody(params) {
   if (operation === "prepend") {
     // Prepend: add content, AI footer (if enabled), and horizontal line at the start
     core.info("Operation: prepend (add to start with separator)");
-    const prependSection = `${newContent}${aiFooter}\n\n---\n\n`;
+    const prependSection = `${sanitizedNewContent}${aiFooter}\n\n---\n\n`;
     return prependSection + currentBody;
   }
 
   // Default to append
   core.info("Operation: append (add to end with separator)");
-  const appendSection = `\n\n---\n\n${newContent}${aiFooter}`;
+  const appendSection = `\n\n---\n\n${sanitizedNewContent}${aiFooter}`;
   return currentBody + appendSection;
 }
 
diff --git a/actions/setup/js/update_pr_description_helpers.test.cjs b/actions/setup/js/update_pr_description_helpers.test.cjs
index 20c41561f2..05ba0e5fd4 100644
--- a/actions/setup/js/update_pr_description_helpers.test.cjs
+++ b/actions/setup/js/update_pr_description_helpers.test.cjs
@@ -306,7 +306,7 @@ describe("update_pr_description_helpers.cjs", () => {
       const currentBody = "<!-- gh-aw-island-start:test-workflow -->\nOld\n<!-- gh-aw-island-end:test-workflow -->";
       const result = updateBody({
         currentBody,
-        newContent: "Content with **markdown**, `code`, [links](http://example.com)",
+        newContent: "Content with **markdown**, `code`, [links](https://github.com/example/repo)",
         operation: "replace-island",
         workflowName: "Test",
         runUrl: "https://github.com/test/actions/runs/123",
@@ -314,7 +314,7 @@ describe("update_pr_description_helpers.cjs", () => {
       });
       expect(result).toContain("**markdown**");
       expect(result).toContain("`code`");
-      expect(result).toContain("[links](http://example.com)");
+      expect(result).toContain("[links](https://github.com/example/repo)");
     });
 
     it("should handle newlines and whitespace correctly", () => {
diff --git a/actions/setup/js/update_runner.cjs b/actions/setup/js/update_runner.cjs
index b92fcda59c..b8a81a2d5f 100644
--- a/actions/setup/js/update_runner.cjs
+++ b/actions/setup/js/update_runner.cjs
@@ -16,6 +16,7 @@ const { loadAgentOutput } = require("./load_agent_output.cjs");
 const { generateStagedPreview } = require("./staged_preview.cjs");
 const { removeDuplicateTitleFromDescription } = require("./remove_duplicate_title.cjs");
 const { getErrorMessage } = require("./error_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 /**
  * @typedef {Object} UpdateRunnerConfig
@@ -131,6 +132,9 @@ function buildUpdateData(params) {
         processedBody = removeDuplicateTitleFromDescription(titleForDedup, processedBody);
       }
 
+      // Sanitize content to prevent injection attacks
+      processedBody = sanitizeContent(processedBody);
+
       updateData.body = processedBody;
       hasUpdates = true;
       logMessages.push(`Will update body (length: ${processedBody.length})`);