diff --git a/ql/lib/codeql/actions/dataflow/ExternalFlow.qll b/ql/lib/codeql/actions/dataflow/ExternalFlow.qll
index 1d1b0c6a719..9ddba387b51 100644
--- a/ql/lib/codeql/actions/dataflow/ExternalFlow.qll
+++ b/ql/lib/codeql/actions/dataflow/ExternalFlow.qll
@@ -1,6 +1,7 @@
+private import actions
 private import internal.ExternalFlowExtensions as Extensions
 private import codeql.actions.DataFlow
-private import actions
+private import codeql.actions.security.ArtifactPoisoningQuery
 /**
 * MaD sources
@@ -91,6 +92,12 @@ predicate madStoreStep(DataFlow::Node pred, DataFlow::Node succ, DataFlow::Conte
 or
 input.trim().matches("input.%") and
 pred.asExpr() = uses.getArgumentExpr(input.trim().replaceAll("input.", ""))
+ or
+ input.trim() = "artifact" and
+ exists(UntrustedArtifactDownloadStep download |
+ pred.asExpr() = download and
+ download.getAFollowingStep() = uses
+ )
 ) and
 succ.asExpr() = uses
 )
diff --git a/ql/lib/ext/manual/read-file-actions.model.yml b/ql/lib/ext/manual/read-file-actions.model.yml
new file mode 100644
index 00000000000..1b9bd745a65
--- /dev/null
+++ b/ql/lib/ext/manual/read-file-actions.model.yml
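Review bot: The new `artifact` branch in `madStoreStep` relates the download step to `uses` only by ordering (`download.getAFollowingStep() = uses`), not by the file the reader step actually opens, so a reader step whose `path` input points at a checked-in file is modelled as tainted whenever any untrusted artifact download precedes it in the job. If that over-approximation is intended for recall, say so where the token is handled, e.g. `// "artifact": any file read by a step that follows an untrusted artifact download is treated as artifact content (no path matching)`, and consider also describing the token in the MaD comment block at the top of this file, since the other input forms (`input.%`) are self-explanatory and this one is not. Whether `getAFollowingStep()` is restricted to the same job comes from ArtifactPoisoningQuery, which is outside this diff; `madStoreStep` itself begins before the hunk.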
@@ -0,0 +1,33 @@
+extensions:
+ - addsTo:
+ pack: github/actions-all
+ extensible: actionsSummaryModel
+ data:
+ - ["juliangruber/read-file-action", "*", "artifact", "output.content", "taint", "manual"]
+ - ["bfren/read-file", "*", "artifact", "output.contents", "taint", "manual"]
+ - ["igorskyflyer/action-readfile", "*", "artifact", "output.content", "taint", "manual"]
+ - ["komorebitech/read-files-action", "*", "artifact", "output.content", "taint", "manual"]
+ - ["jaywcjlove/github-action-read-file", "*", "artifact", "output.content", "taint", "manual"]
+ - ["andstor/file-reader-action", "*", "artifact", "output.contents", "taint", "manual"]
+ - ["Reedyuk/read-properties", "*", "artifact", "output.value", "taint", "manual"]
+ - ["browniebroke/read-nvmrc-action", "*", "artifact", "output.node_version", "taint", "manual"]
+ - ["jbutcher5/read-yaml", "*", "artifact", "output.data", "taint", "manual"]
+ - ["christian-draeger/read-properties", "*", "artifact", "output.*", "taint", "manual"]
+ - ["traversals-analytics-and-intelligence/file-reader-action", "*", "artifact", "output.content", "taint", "manual"]
+ - ["pietrobolcato/action-read-yaml", "*", "artifact", "output.*", "taint", "manual"]
+ - ["satya-500/read-file-github-action", "*", "artifact", "output.contents", "taint", "manual"]
+ - ["guibranco/github-file-reader-action-v2", "*", "artifact", "output.contents", "taint", "manual"]
+ - ["gagle/package-version", "*", "artifact", "output.version", "taint", "manual"]
+ - ["ActionsTools/read-json-action", "*", "artifact", "output.*", "taint", "manual"]
+ - ["madhead/read-java-properties", "*", "artifact", "output.*", "taint", "manual"]
+ - ["pietrobolcato/action-read-yaml", "*", "artifact", "output.*", "taint", "manual"]
+ - ["rexdefuror/read-package-json", "*", "artifact", "env.*", "taint", "manual"]
+ - ["BrycensRanch/read-properties-action", "*", "artifact", "output.*", "taint", "manual"]
+ - ["kurt-code/gha-properties", "*", "artifact", "output.*", "taint", "manual"]
+ - ["SebRollen/toml-action", "*", "artifact", "output.value", "taint", "manual"]
+ - ["simonblund/version-reader", "*", "artifact", "output.version", "taint", "manual"]
+ - ["mindsers/changelog-reader-action", "*", "artifact", "output.*", "taint", "manual"]
+ - ["nichmor/minimal-read-yaml", "*", "artifact", "output.*", "taint", "manual"]
+ - ["miraai/read-helm-chart-yaml", "*", "artifact", "output.*", "taint", "manual"]
+ - ["dangdennis/toml-action", "*", "artifact", "output.value", "taint", "manual"]
+ - ["artlaman/conventional-changelog-reader-action", "*", "artifact", "output.*", "taint", "manual"]
diff --git a/ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning5.yml b/ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning5.yml
index 633c45661e5..4a2b9b50eb6 100644
--- a/ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning5.yml
+++ b/ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning5.yml
@@ -19,5 +19,5 @@ jobs:
 with:
 path: ./artifact.txt
 - name: Use artifact
- run: echo ${{ steps.artifact.outputs.contents }}
+ run: echo ${{ steps.artifact.outputs.content }}
diff --git a/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected b/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected
index 370241c7ac0..2e0f79da4a0 100644
--- a/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected
+++ b/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected
@@ -9,6 +9,8 @@ edges
 | .github/workflows/artifactpoisoning4.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning4.yml:19:14:19:58 | echo "::set-output name=id::$(
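Review bot: `pietrobolcato/action-read-yaml` is listed twice in the `data` rows (once after `traversals-analytics-and-intelligence/file-reader-action`, again after `madhead/read-java-properties`) with identical columns; one of the two rows should be dropped so the model stays a plain set of summaries. The `artifact` input token is only meaningful because of the matching branch in ExternalFlow.qll, so a leading comment such as `# input "artifact": file content read by a step that follows an untrusted artifact download (see ExternalFlow.qll madStoreStep)` would help the next person adding rows. The `rexdefuror/read-package-json` row is the only one writing to `env.*` rather than `output.*`; worth confirming against that action's metadata, since a wrong output kind silently disables the summary rather than failing a test.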