From e69e30aa84b9240369b7b32e83a0e84a11e402d6 Mon Sep 17 00:00:00 2001
From: Kristen Newbury
Date: Thu, 2 Apr 2026 11:32:37 -0400
Subject: [PATCH] Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium]
---
 actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql | 4 ++--
 actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql | 3 +--
 actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md | 4 ++++
 3 files changed, 7 insertions(+), 4 deletions(-)
 create mode 100644 actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md
diff --git a/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql b/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
index 24ecb4b0339..fc65f93f5c0 100644
--- a/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
+++ b/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
@@ -21,5 +21,5 @@ where
 ArtifactPoisoningFlow::flowPath(source, sink) and
 event = getRelevantEventInPrivilegedContext(sink.getNode())
 select sink.getNode(), source, sink,
- "Potential artifact poisoning in $@, which may be controlled by an external user ($@).", sink,
- sink.getNode().toString(), event, event.getName()
+ "Potential artifact poisoning, which may be controlled by an external user ($@).", event,
+ event.getName()
diff --git a/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql b/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
index d2aff7da95f..6caba357114 100644
--- a/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
+++ b/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
@@ -21,5 +21,4 @@ where
 ArtifactPoisoningFlow::flowPath(source, sink) and
 inNonPrivilegedContext(sink.getNode().asExpr())
 select sink.getNode(), source, sink,
- "Potential artifact poisoning in $@, which may be controlled by an external user.", sink,
- sink.getNode().toString()
+ "Potential artifact poisoning, which may be controlled by an external user."
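Review bot: The one `$@` left on the new message line in ArtifactPoisoningCritical.ql renders as the bare event name in parentheses, e.g. `(pull_request_target)`, and nothing in the sentence says that this is the triggering workflow event rather than a name for the external user; the `where` clause binds it via `getRelevantEventInPrivilegedContext`, so presumably it is the privileged trigger and the message could say so, `"Potential artifact poisoning: the artifact may be controlled by an external user via the $@ event."`. The alert location is still `sink.getNode()`, so dropping the location placeholder loses nothing that the alert's own location and path do not already show. The diffstat lists no `.expected` files; if the query tests for these two queries record the message text, they will need regenerating alongside this change. The `select` is complete in the hunk, but the query's `from` and the start of its `where` clause are above it.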
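Review bot: In the new message line of ArtifactPoisoningMedium.ql the relative clause "which may be controlled by an external user" now attaches to "poisoning" rather than to the artifact, since the placeholder that named the artifact location was removed; the same sentence without the event link also makes the Medium and Critical alerts read identically, although the `inNonPrivilegedContext` condition in the `where` clause is what separates them. Naming both the subject and the distinguishing context would keep the alert self-explanatory, `"Potential artifact poisoning in a non-privileged context: the artifact may be controlled by an external user."`. The `select` still passes `source, sink` as the path columns, which is unaffected by dropping the placeholder. The query's `from` and the start of its `where` clause are above the hunk.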
diff --git a/actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md b/actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md
new file mode 100644
index 00000000000..5b016941566
--- /dev/null
+++ b/actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Fixed alert messages in `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` as they previously included a redundant placeholder in the alert message that would on occasion contain a long block of yml that makes the alert difficult to understand.
\ No newline at end of file