I'm adding subfeatures to bot-conditions and template-injection for proofs-of-concept, but there are several other audits that probably make sense to include subspans for:

• unsound-contains (for the offending contains(...) call + context use)
• github-env for offending GITHUB_ENV writes
• Others?