diff --git a/.github/.cspell/project-dictionary.txt b/.github/.cspell/project-dictionary.txt
index 4f28f1d5..368bd321 100644
--- a/.github/.cspell/project-dictionary.txt
+++ b/.github/.cspell/project-dictionary.txt
@@ -2,6 +2,7 @@ almalinux
 archlinux
 binstall
 callgrind
+CDPATH
 coreutils
 covgate
 cyclonedx
diff --git a/action.yml b/action.yml
index 1c5f7e9f..95ecee99 100644
--- a/action.yml
+++ b/action.yml
@@ -22,7 +22,10 @@ runs:
 using: composite
 steps:
 - run: |
- set -eu
+ if /usr/bin/env | grep -Eq '^BASH_FUNC_'; then
+ printf '::error::bash function injection via BASH_FUNC_ environment variable is not allowed for security reasons\n'
+ exit 1
+ fi
 if ! command -v bash >/dev/null; then
 if grep -Eq '^ID=alpine' /etc/os-release; then
 printf '::group::Install packages required for install-action (bash)\n'
@@ -41,7 +44,7 @@ runs:
 fi
 fi
 bash --noprofile --norc "${GITHUB_ACTION_PATH:?}/main.sh"
- shell: sh
+ shell: /usr/bin/env -u ENV -u BASH_ENV -u CDPATH -u SHELLOPTS -u BASHOPTS /bin/sh -eu {0} # zizmor: ignore[misfeature] false positive
 env:
 # NB: Sync with Windows case.
 INPUT_TOOL: ${{ inputs.tool }}
@@ -54,6 +57,15 @@ runs:
 # https://github.com/actions/partner-runner-images/issues/169
 - run: |
 Set-StrictMode -Version Latest
+ if (Test-Path "Env:ENV") { Remove-Item Env:\ENV }
+ if (Test-Path "Env:BASH_ENV") { Remove-Item Env:\BASH_ENV }
+ if (Test-Path "Env:CDPATH") { Remove-Item Env:\CDPATH }
+ if (Test-Path "Env:SHELLOPTS") { Remove-Item Env:\SHELLOPTS }
+ if (Test-Path "Env:BASHOPTS") { Remove-Item Env:\BASHOPTS }
+ if (Test-Path "Env:BASH_FUNC_*") {
+ Write-Output "::error::bash function injection via BASH_FUNC_ environment variable is not allowed for security reasons"
+ exit 1
+ }
 for ($i=1; $i -le 10; $i++) {
 $prev_err_action = $ErrorActionPreference
 $ErrorActionPreference = "Continue"
diff --git a/tools/tidy.sh b/tools/tidy.sh
index 1b165ae9..e178d061 100755
--- a/tools/tidy.sh
+++ b/tools/tidy.sh
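Review bot: The new `BASH_FUNC_` guard in the first action.yml hunk carries no comment explaining why it hard-fails while ENV, BASH_ENV, CDPATH, SHELLOPTS and BASHOPTS are merely unset, the same gap exists in the PowerShell block of the third hunk, and the `run: |` script that the guard opens continues past the hunk. A reader has to work out that `env -u` on the new `shell:` line takes exact variable names, so a prefix followed by an arbitrary function-name suffix cannot be stripped the same way and refusing to run is the only fail-closed option. I would add above the `if /usr/bin/env | grep -Eq '^BASH_FUNC_'; then` line: `# BASH_FUNC_<name>%% exports a shell function into every child bash; the suffix is arbitrary, so unlike the variables unset via env -u on the shell: line it cannot be removed by name, hence fail hard.` The same comment, in PowerShell `#` syntax, belongs before the `if (Test-Path "Env:BASH_FUNC_*")` check. Note also that the grep matches any line of `env` output, so a variable whose value contains a newline followed by `BASH_FUNC_` is rejected too; that is an acceptable false positive for a fail-closed check but worth stating in the same comment.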
@@ -27,14 +27,14 @@ fi
 if [[ -n "${TIDY_DEV:-}" ]]; then
 image="ghcr.io/taiki-e/tidy:latest"
 else
- image="ghcr.io/taiki-e/tidy@sha256:bce85a4321f80c09f2b68420e9149bcf7c085130ab1e1fca54443f76833cd184"
+ image="ghcr.io/taiki-e/tidy@sha256:71def761a5585e83a2672c4051aee13cd886ad5571215aee52f193454bb3cdff"
 fi
 user="$(id -u):$(id -g)"
 workdir=$(pwd)
 tmp=$(mktemp -d)
 trap -- 'rm -rf -- "${tmp:?}"' EXIT
 mkdir -p -- "${tmp}"/{pwsh-cache,pwsh-local,zizmor-cache,dummy-dir,tmp}
-touch -- "${tmp}"/dummy
+printf '' >"${tmp}"/dummy
 code=0
 color=''
 if [[ -t 1 ]] || [[ -n "${GITHUB_ACTIONS:-}" ]]; then