[static-analysis] Report - 2026-04-21 #27661

@github-actions

Analysis Summary

  • Tools Used: zizmor, poutine, actionlint, runner-guard
  • Total Findings: 240 (actionlint: 111, zizmor: 107, poutine: 22, runner-guard: 0)
  • Workflows Scanned: 197
  • Actionlint Version: 1.7.12

Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Info/Note |
|---|---|---|---|---|---|---|
| zizmor (security) | 107 | 0 | 1 | 1 | 22 | 83 |
| poutine (supply chain) | 22 | 0 | 0 | 0 | 9 | 13 |
| actionlint (linting) | 111 | | | | | |
| runner-guard (taint analysis) | 0 | 0 | 0 | 0 | 0 | 0 |

Top Priority Issues

1. github-env — Dangerous Use of Environment File

  • Tool: zizmor
  • Severity: High
  • Count: 1
  • Affected: dev-hawk.lock.yml (line 1426)
  • Description: Writes to $GITHUB_ENV in a way that could allow environment variable injection if untrusted input reaches that step
  • Impact: An attacker controlling input could override environment variables for subsequent steps, potentially exfiltrating secrets or hijacking workflow behavior
  • Reference: (docs.zizmor.sh/redacted)

2. copilot-requests Permission Scope — Actionlint False Positives

  • Tool: actionlint
  • Severity: error (likely false positive)
  • Count: 99 errors across 50+ workflows
  • Description: copilot-requests: write is not recognized by actionlint 1.7.12's schema, but is a valid GitHub Actions permission scope
  • Impact: High noise — these are likely false positives from actionlint's outdated schema

3. untrusted_checkout_exec — Poutine Supply Chain

  • Tool: poutine
  • Severity: error
  • Count: 8 (4 in each of 2 workflows)
  • Affected: smoke-workflow-call.lock.yml, smoke-workflow-call-with-inputs.lock.yml
  • Description: Arbitrary Code Execution from Untrusted Code Changes detected (all have poutine:ignore comments)

Clustered Findings by Tool and Type

Zizmor Security Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| github-env | High | 1 | dev-hawk |
| secrets-inherit | Medium | 1 | smoke-call-workflow |
| obfuscation | Low | 22 | agent-performance-analyzer, audit-workflows, copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, copilot-token-audit, copilot-token-optimizer, daily-cli-performance, daily-code-metrics, daily-news, daily-testify-uber-super-expert, deep-report, delight, discussion-task-miner, firewall-escape, metrics-collector, pr-triage-agent, security-compliance, smoke-ci, workflow-health-manager |
| template-injection | Informational | ~83 | ~28 workflows (ai-moderator, auto-triage-issues, contribution-check, daily-doc-updater, daily-issues-report, discussion-task-miner, grumpy-reviewer, issue-arborist, issue-monster, issue-triage-agent, org-health-report, plan, pr-triage-agent, q, refiner, scout, smoke-agent-*, smoke-copilot, smoke-service-ports, stale-repo-identifier, weekly-*, workflow-generator) |

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| untrusted_checkout_exec | error | 8 | smoke-workflow-call, smoke-workflow-call-with-inputs |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm |
| unverified_script_exec | note | 4 | copilot-setup-steps, copilot-token-audit (×2), copilot-token-optimizer |
| github_action_from_unverified_creator_used | note | ~8 | link-check, super-linter, smoke-codex, copilot-setup-steps, copilot-token-audit, copilot-token-optimizer, mcp-inspector |
| unpinnable_action | note | 2 | daily-perf-improver/build-steps, daily-test-improver/coverage-steps |

Actionlint Linting Issues

| Issue Type | Count | Affected Workflows |
|---|---|---|
| permissions (copilot-requests) | 99 | 50+ workflows (nearly all copilot-engine workflows) |
| expression (unknown properties) | 11 | ace-editor, smoke-claude (×2), smoke-workflow-call (×4), smoke-workflow-call-with-inputs (×4) |
| shellcheck SC2129 | 1 | daily-astrostylelite-markdown-spellcheck |

Runner-Guard Taint Analysis Findings

Runner-Guard Score: N/A (no findings)

No runner-guard vulnerabilities detected in this scan. ✅

Fix Suggestion for github-env (High Severity)

Issue: Dangerous use of $GITHUB_ENV environment file
Severity: High
Affected Workflows: 1 (dev-hawk.lock.yml line 1426)

Prompt to Copilot Agent:

You are fixing a High-severity security vulnerability identified by zizmor.

**Vulnerability**: github-env — Dangerous use of environment file
**Rule**: github-env — (docs.zizmor.sh/redacted)
**Severity**: High
**File**: .github/workflows/dev-hawk.md (compiled to dev-hawk.lock.yml)
**Line**: 1426 in the compiled lock file

**Current Issue**:
The workflow writes to $GITHUB_ENV in a way that could allow environment variable
injection if untrusted input reaches that step. An attacker who controls the input
could override any environment variable for subsequent steps, potentially exfiltrating
secrets or hijacking workflow behavior.

**Required Fix**:
1. Locate the step at line 1426 of dev-hawk.lock.yml (or the corresponding step in dev-hawk.md)
2. If the value written to $GITHUB_ENV derives from untrusted user input (e.g., issue
   body, PR title, comment text), sanitize it first:
   - Strip newlines: `SAFE_VALUE=$(printf '%s' "$INPUT" | tr -d '\n\r')`
   - Or use $GITHUB_OUTPUT instead of $GITHUB_ENV where possible
3. Consider replacing $GITHUB_ENV with $GITHUB_OUTPUT to limit blast radius

**Example**:
Before (dangerous; the expression is interpolated directly into the shell script and a body containing a newline can append extra NAME=VALUE lines):
  echo "MY_VAR=${{ github.event.issue.body }}" >> $GITHUB_ENV

After (safe; INPUT is set from ${{ github.event.issue.body }} in the step's env: block rather than interpolated into the script, so the value is only ever handled as data):
  SAFE_VALUE=$(printf '%s' "$INPUT" | tr -d '\n\r')
  echo "MY_VAR=${SAFE_VALUE}" >> "$GITHUB_ENV"

Please apply this fix to: .github/workflows/dev-hawk.md
Reference: (docs.zizmor.sh/redacted)

All Findings Details

Actionlint Expression Errors (11)

ace-editor.lock.yml

  • Line 614: Property activated not defined on activation outputs type — needs.activation.outputs.activated == 'true'

smoke-claude.lock.yml

  • Line 877: Property artifact_prefix not defined on activation outputs
  • Line 2542: Property artifact_prefix not defined on activation outputs

smoke-workflow-call.lock.yml

  • Line 129: job.workflow_repository not in actionlint's type definition
  • Line 130: job.workflow_sha not in actionlint's type definition
  • Line 131: job.workflow_ref not in actionlint's type definition
  • Line 132: job.workflow_file_path not in actionlint's type definition

smoke-workflow-call-with-inputs.lock.yml

  • Same 4 job.workflow_* expression errors as above

Zizmor Obfuscation Findings (22 workflows)

All 22 use the ${{ '' }} pattern (empty string literal), which zizmor flags as obfuscation. This is a Low-severity informational finding; the pattern is used intentionally as a wiki note placeholder.

Affected: agent-performance-analyzer, audit-workflows, copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, copilot-token-audit, copilot-token-optimizer, daily-cli-performance, daily-code-metrics, daily-news, daily-testify-uber-super-expert, deep-report, delight, discussion-task-miner, firewall-escape, metrics-collector, pr-triage-agent, security-compliance, smoke-ci, workflow-health-manager

Zizmor Template Injection Findings (~28 workflows)

All flagged as Informational severity. Zizmor reports each unique location 3 times. The "Start MCP Gateway" step name appears in many smoke workflows. Affected workflows include ai-moderator, auto-triage-issues, contribution-check (2 locations), daily-doc-updater, daily-issues-report, discussion-task-miner, grumpy-reviewer, issue-arborist, issue-monster, issue-triage-agent, org-health-report, plan, pr-triage-agent, q, refiner, scout, smoke-agent-all-merged, smoke-agent-all-none, smoke-agent-public-approved, smoke-agent-public-none, smoke-agent-scoped-approved, smoke-copilot, smoke-service-ports, stale-repo-identifier, weekly-blog-post-writer, weekly-issue-summary, weekly-safe-outputs-spec-review, workflow-generator.

Poutine untrusted_checkout_exec Details

Both smoke-workflow-call.lock.yml and smoke-workflow-call-with-inputs.lock.yml have 4 flagged steps each:

  1. save_base_github_folders.sh (bash step with poutine:ignore comment)
  2. create_prompt_first.sh (bash block with poutine:ignore comment)
  3. validate_prompt_placeholders.sh (bash step with poutine:ignore comment)
  4. print_prompt_summary.sh (bash step with poutine:ignore comment)

All 8 instances have # poutine:ignore untrusted_checkout_exec annotations present, indicating intentional suppression.

Historical Trends

  • Previous Scan: None (first scan)
  • Baseline established: 2026-04-21
  • Total Findings: 240

Recommendations

  1. Immediate: Fix the github-env High-severity finding in dev-hawk.md — sanitize or replace $GITHUB_ENV usage with $GITHUB_OUTPUT
  2. Short-term: Investigate secrets-inherit Medium finding in smoke-call-workflow — consider explicitly passing only required secrets instead of secrets: inherit
  3. Actionlint: Update actionlint config to suppress false-positive copilot-requests permission errors (or wait for actionlint schema update)
  4. Expression errors: Update actionlint config to recognize new job.workflow_* properties and custom activation output fields
  5. Long-term: Review template-injection Informational findings to confirm no actual injection risk from step name patterns

Next Steps

  • Fix github-env High finding in dev-hawk.md
  • Review secrets-inherit in smoke-call-workflow
  • File actionlint schema update request for copilot-requests permission scope
  • Add actionlint suppression annotations for known false positives (job.workflow_*, activation outputs)

Generated by Static Analysis Report · expires on Apr 28, 2026, 7:57 PM UTC
