diff --git a/actions/ql/lib/change-notes/2025-07-08.md b/actions/ql/lib/change-notes/2025-07-08.md
new file mode 100644
index 000000000000..893a695a22c6
--- /dev/null
+++ b/actions/ql/lib/change-notes/2025-07-08.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
diff --git a/actions/ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll b/actions/ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll
index d8d5f83c867d..0db3b2f7f887 100644
--- a/actions/ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll
+++ b/actions/ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll
@@ -262,8 +262,9 @@ class ArtifactPoisoningSink extends DataFlow::Node {
 ArtifactPoisoningSink() {
 download.getAFollowingStep() = poisonable and
- // excluding artifacts downloaded to /tmp
+ // excluding artifacts downloaded to /tmp and runner.tmp
 not download.getPath().regexpMatch("^/tmp.*") and
+ not download.getPath().regexpMatch("^\\$\\{\\{\\s?runner\\.temp\\s?}}.*") and
 (
 poisonable.(Run).getScript() = this.asExpr() and
 (
diff --git a/actions/ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoison93.yml b/actions/ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoison93.yml
new file mode 100644
index 000000000000..d463527f292c
--- /dev/null
+++ b/actions/ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoison93.yml
@@ -0,0 +1,22 @@
+name: Secure Workflow
+
+on:
+ workflow_run:
+ workflows: ["Prev"]
+ types:
+ - completed
+
+jobs:
+ Download:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - run: mkdir -p ${{ runner.temp }}/artifacts/
+ - uses: dawidd6/action-download-artifact@v2
+ with:
+ name: pr_number
+ path: ${{ runner.temp }}/artifacts/
+
+ - name: Run command
+ run: |
+ sh cmd.sh
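Review bot: The new exclusion on the added `regexpMatch` line tolerates at most one whitespace character on either side of `runner.temp`, so a path written with two spaces inside the braces (which the expression syntax accepts) is still reported while the `/tmp` sibling has no such sensitivity; `\\s*` is the safer quantifier: `not download.getPath().regexpMatch("^\\$\\{\\{\\s*runner\\.temp\\s*}}.*") and`. The added comment says `runner.tmp` where the property is `runner.temp`; suggest `// excluding artifacts downloaded to /tmp and ${{ runner.temp }}`. Both patterns end in `.*`, so a download path that begins with the temp directory but then leaves it (for example via `..`) is excluded as well — presumably an accepted limitation of the heuristic, but worth stating in that comment so the precision trade-off is explicit. The change note in this commit spells the expression `$[{ runner.temp }}`, which does not match the syntax the regex accepts. The `ArtifactPoisoningSink()` constructor body continues past the end of the hunk.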
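Review bot: The fixture exercises only the single-space spelling `${{ runner.temp }}` in the `path:` input, so neither end of the regex's whitespace tolerance (`\\s?`) is pinned; a second download step, or a sibling workflow, using `path: ${{runner.temp}}/artifacts/` and one with extra spaces inside the braces would document exactly which spellings the exclusion covers. The `Run command` step runs `sh cmd.sh` from the checkout rather than from the artifact directory, which is presumably what makes this a non-result case; a comment on that step such as `# script comes from the checkout, not from the downloaded artifact` would make the expected outcome clear to the next person editing the test.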