diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index 2b1ee094..8fb360f7 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -35,6 +35,11 @@ jobs:
 - name: Checkout out Repo
 uses: actions/checkout@v4
+ - name: Check Dangerous Command Injection
+ uses: opea-project/validation/actions/check-cmd@main
+ with:
+ work_dir: ${{ github.workspace }}
+
 - name: Docker Build
 run: |
 docker build -f ${{ github.workspace }}/.github/workflows/docker/${{ env.DOCKER_FILE_NAME }}.dockerfile -t ${{ env.REPO_NAME }}:${{ env.REPO_TAG }} .
diff --git a/.github/workflows/model_test_hpu.yml b/.github/workflows/model_test_hpu.yml
index dbb0bb3b..3bea0b81 100644
--- a/.github/workflows/model_test_hpu.yml
+++ b/.github/workflows/model_test_hpu.yml
@@ -50,6 +50,13 @@ jobs:
 with:
 submodules: "recursive"
 fetch-tags: true
+
+ - name: Check Dangerous Command Injection
+ if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+ uses: opea-project/validation/actions/check-cmd@main
+ with:
+ work_dir: ${{ github.workspace }}
+
 # We need this because GitHub needs to clone the branch to pipeline
 - name: Docker Build
 run: |
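Review bot: The added step references `opea-project/validation/actions/check-cmd@main`, a mutable branch ref, so whatever lands on that branch next runs inside this job with the job's token and any secrets it exposes; the same `uses:` line appears in the model_test_hpu.yml hunk. Pin both to a full commit SHA and keep the branch name as a trailing comment, `uses: opea-project/validation/actions/check-cmd@<full-commit-sha>  # main`, so updates arrive as reviewable bumps. The step also runs unconditionally here, while the model_test_hpu.yml copy is gated on `if: github.event_name == ...`; if that difference is intended, a one-line comment above the step saying why would help. The steps list continues outside the hunk.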
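Review bot: The `if:` on the added step names `pull_request_target`, which suggests this workflow can run with the base repository's token and secrets while the workspace holds PR-supplied files (the trigger block and the checkout `ref` are outside the hunk, so this is inferred). In that setup a pattern scan of `${{ github.workspace }}` is a heuristic gate, not a trust boundary: the Docker Build step that follows still builds whatever the PR contains. I would say so above the step, e.g. `# Heuristic scan only: a pass does not make PR content safe to build with secrets`, and confirm that the action fails the job on a match and is never combined with `continue-on-error`. Since the checkout uses `submodules: "recursive"`, it is also worth stating whether the scan is meant to cover submodule trees.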