12:59:11 includes/HelpPanel/QuestionStore.php:274 SecurityCheck-DoubleEscaped Calling method \GrowthExperiments\HelpPanel\QuestionRecord::setQuestionText() in \GrowthExperiments\HelpPanel\QuestionStore::trimQuestion that outputs using tainted argument #1. (Caused by: includes/HelpPanel/QuestionFormatter.php +75; includes/HelpPanel/QuestionFormatter.php +59; includes/HelpPanel/QuestionStore.php +274; includes/HelpPanel/QuestionStore.php +270; ../../includes/language/Language.php +3552; ../../includes/language/Language.php +3586; ../../includes/language/Language.php +3583; Builtin-\Message::escaped; ../../includes/language/Language.php +3613; ../../includes/language/Language.php +3592; ../../includes/language/Language.php +3583; Builtin-\Message::escaped; ...) (Caused by: includes/HelpPanel/QuestionStore.php +270; ../../includes/language/Language.php +3552; ../../includes/language/Language.php +3586; ../../includes/language/Language.php +3583; Builtin-\Message::escaped; ../../includes/language/Language.php +3613; ../../includes/language/Language.php +3592; ../../includes/language/Language.php +3583; Builtin-\Message::escaped; ../../includes/language/Language.php +3600; ../../includes/language/Language.php +3583; Builtin-\Message::escaped; ...)
from https://integration.wikimedia.org/ci/job/mwext-php72-phan-docker/136400/console, executed on https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/721579.
Doesn't appear to be related to changed code. Also see https://integration.wikimedia.org/ci/job/mwext-php72-phan-docker/136429/console / https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/721668 for a test on an empty commit.