diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js
index db4219d32..a6ea6f1d0 100644
--- a/lib/start-proxy-action.js
+++ b/lib/start-proxy-action.js
@@ -119780,9 +119780,15 @@ function credentialToStr(c) {
 }
 async function downloadProxy(logger, url, authorization) {
   try {
-    return toolcache.downloadTool(url, void 0, authorization, {
-      accept: "application/octet-stream"
-    });
+    return toolcache.downloadTool(
+      url,
+      /* dest: */
+      void 0,
+      authorization,
+      {
+        accept: "application/octet-stream"
+      }
+    );
   } catch (error3) {
     logger.error(
       `Failed to download proxy archive from ${url}: ${getErrorMessage(error3)}`
@@ -119833,8 +119839,7 @@ async function getProxyBinaryPath(logger) {
       proxyInfo.version
     );
   }
-  proxyBin = path.join(proxyBin, proxyFileName);
-  return proxyBin;
+  return path.join(proxyBin, proxyFileName);
 }
 
 // src/start-proxy-action.ts
diff --git a/src/start-proxy.ts b/src/start-proxy.ts
index 980eb44b6..db7bd102c 100644
--- a/src/start-proxy.ts
+++ b/src/start-proxy.ts
@@ -116,10 +116,11 @@ export async function sendFailedStatusReport(
   const error = util.wrapError(unwrappedError);
   core.setFailed(`start-proxy action failed: ${error.message}`);
 
+  // To avoid the possibility of leaking sensitive information into the telemetry,
+  // we don't include arbitrary error messages. Instead, `getSafeErrorMessage` will
+  // return a generic message that includes the type of the error, unless it can decide
+  // that the message is safe to include.
   const statusReportMessage = getSafeErrorMessage(error);
-
-  // We skip sending the error message and stack trace here to avoid the possibility
-  // of leaking any sensitive information into the telemetry.
   const errorStatusReportBase = await createStatusReportBase(
     ActionName.StartProxy,
     getActionsStatus(error),
@@ -432,7 +433,9 @@ export async function downloadProxy(
   authorization: string | undefined,
 ) {
   try {
-    return toolcache.downloadTool(url, undefined, authorization, {
+    // Download the proxy archive from `url`. We let `downloadTool` choose where
+    // to store it. The path to the downloaded file will be returned if successful.
+    return toolcache.downloadTool(url, /* dest: */ undefined, authorization, {
       accept: "application/octet-stream",
     });
   } catch (error) {
@@ -524,6 +527,5 @@ export async function getProxyBinaryPath(logger: Logger): Promise<string> {
       proxyInfo.version,
     );
   }
-  proxyBin = path.join(proxyBin, proxyFileName);
-  return proxyBin;
+  return path.join(proxyBin, proxyFileName);
 }