From 55658adf68bd2878a14b7716c72d57a993bf8a3e Mon Sep 17 00:00:00 2001
From: carlospolop <carlospolop@gmail.com>
Date: Wed, 16 Jul 2025 15:45:27 +0200
Subject: [PATCH] atlantis

---
 src/pentesting-ci-cd/atlantis-security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pentesting-ci-cd/atlantis-security.md b/src/pentesting-ci-cd/atlantis-security.md
index d8a2a17e2..8bb7f6e39 100644
--- a/src/pentesting-ci-cd/atlantis-security.md
+++ b/src/pentesting-ci-cd/atlantis-security.md
@@ -97,7 +97,7 @@ In case `allowed_overrides` is True, these setting can be **overwritten on each
 
 The repo config can **specify scripts** to run [**before**](https://www.runatlantis.io/docs/pre-workflow-hooks.html#usage) (_pre workflow hooks_) and [**after**](https://www.runatlantis.io/docs/post-workflow-hooks.html) (_post workflow hooks_) a **workflow is executed.**
 
-There isn't any option to allow **specifying** these scripts in the **repo `/atlantis.yml`** file.
+There isn't any option to allow **specifying** these scripts in the **repo `/atlantis.yml`** file. However, if there is a confgured script to execute that is located in the same repo, it's possible to **modify it's content in a PR and make it execute arbitrary code.**
 
 **Workflow**