[static-analysis] Report - 2026-04-22 #27890

@github-actions

Analysis Summary

  • Tools Used: zizmor, poutine, actionlint, runner-guard
  • Total Findings: 241 (actionlint: 111, zizmor: 107, poutine: 23, runner-guard: 0)
  • Workflows Scanned: 197
  • Workflows Affected: ~70
  • Actionlint Version: 1.7.12

Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Info/Note |
|---|---|---|---|---|---|---|
| zizmor (security) | 107 | 0 | 1 | 1 | 22 | 83 |
| poutine (supply chain) | 23 | 0 | 0 | 1 (warning) | 4 (note) | 18 (note) |
| actionlint (linting) | 111 | | | | | |
| runner-guard (taint analysis) | 0 | 0 | 0 | 0 | 0 | 0 |

Clustered Findings by Tool and Type

Zizmor Security Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| github-env | High | 1 | dev-hawk |
| secrets-inherit | Medium | 1 | smoke-call-workflow |
| obfuscation | Low | 22 | agent-performance-analyzer, audit-workflows, copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, copilot-token-audit, copilot-token-optimizer, daily-cli-performance, daily-code-metrics, daily-news, daily-testify-uber-super-expert, deep-report, delight, discussion-task-miner, firewall-escape, metrics-collector, pr-triage-agent, security-compliance, smoke-ci, workflow-health-manager |
| template-injection | Informational | ~83 | ~28 workflows (ai-moderator, auto-triage-issues, contribution-check, daily-doc-updater, daily-issues-report, discussion-task-miner, grumpy-reviewer, issue-arborist, issue-monster, issue-triage-agent, org-health-report, plan, pr-triage-agent, q, refiner, scout, smoke-agent-*, smoke-copilot, smoke-service-ports, stale-repo-identifier, weekly-*, workflow-generator) |

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| untrusted_checkout_exec | error | 8 | smoke-workflow-call, smoke-workflow-call-with-inputs (all annotated with poutine:ignore) |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm |
| unverified_script_exec | note | 4 | copilot-setup-steps, copilot-token-audit (×2), copilot-token-optimizer |
| github_action_from_unverified_creator_used | note | 8 | link-check (×2), super-linter, smoke-codex, copilot-setup-steps, copilot-token-audit, copilot-token-optimizer, mcp-inspector |
| unpinnable_action | note | 2 | daily-perf-improver/build-steps, daily-test-improver/coverage-steps |

Actionlint Linting Issues

| Issue Type | Count | Affected Workflows |
|---|---|---|
| permissions (copilot-requests: write — likely false positive) | 99 | 50+ workflows |
| expression (unknown properties) | 11 | ace-editor, smoke-claude (×2), smoke-workflow-call (×4), smoke-workflow-call-with-inputs (×4) |
| shellcheck SC2129 | 1 | daily-astrostylelite-markdown-spellcheck |

Runner-Guard Taint Analysis Findings

Runner-Guard Score: N/A — no findings detected

Issues created: none (no Critical/High runner-guard findings)

Top Priority Issues

1. github-env — Dangerous Use of Environment File (Recurring)

  • Tool: zizmor
  • Severity: High
  • Count: 1
  • Affected: dev-hawk.lock.yml (line 1388)
  • Description: Writes to $GITHUB_ENV in a step that could allow environment variable injection if untrusted input flows in
  • Impact: Attacker controlling input could override environment variables for subsequent steps, potentially exfiltrating secrets or hijacking workflow behavior
  • Reference: (docs.zizmor.sh/redacted)

2. secrets-inherit — Secrets Unconditionally Inherited (Recurring)

  • Tool: zizmor
  • Severity: Medium
  • Count: 1
  • Affected: smoke-call-workflow.lock.yml (line 944)
  • Description: secrets: inherit passes all secrets to a called workflow unconditionally
  • Impact: Over-privileged secret scope; called workflow receives secrets it may not need
  • Reference: (docs.zizmor.sh/redacted)

3. copilot-requests Permission Scope — Actionlint False Positives (Recurring)

  • Tool: actionlint
  • Count: 99 errors across 50+ workflows
  • Description: copilot-requests: write flagged as unknown scope — actionlint 1.7.12 schema is behind GitHub's actual permission scope list
  • Impact: High noise (likely all false positives)

Fix Suggestion for github-env (High Severity)

Issue: Dangerous use of $GITHUB_ENV environment file
Severity: High
Affected Workflows: 1 (dev-hawk.lock.yml line 1388, source: dev-hawk.md)

Prompt to Copilot Agent:

You are fixing a High-severity security vulnerability identified by zizmor.

**Vulnerability**: github-env — Dangerous use of environment file
**Rule**: github-env — (docs.zizmor.sh/redacted)
**Severity**: High
**File**: .github/workflows/dev-hawk.md (compiled to dev-hawk.lock.yml)
**Line**: ~1388 in the compiled lock file (look for the `ghes-host-config` step)

**Current Issue**:
The workflow writes to $GITHUB_ENV in the `ghes-host-config` step (id: ghes-host-config).
This is flagged because uncontrolled or untrusted data flowing into a $GITHUB_ENV write
can let an attacker override environment variables for all subsequent steps, potentially
exfiltrating secrets or redirecting tool execution.

**Required Fix**:
1. Open .github/workflows/dev-hawk.md and find the step with `id: ghes-host-config`
2. Inspect what data is written to $GITHUB_ENV in that step's `run:` script
3. If the value is derived from a trusted constant (e.g., $GITHUB_SERVER_URL), ensure
   it is sanitized before writing:
   ```bash
   SAFE_HOST=$(printf '%s' "$GITHUB_SERVER_URL" | sed 's|https://||' | tr -d '\n\r')
   echo "GH_HOST=$SAFE_HOST" >> "$GITHUB_ENV"
   ```
4. If the value could be attacker-influenced, switch to $GITHUB_OUTPUT instead and
   reference it via `steps.<id>.outputs.<name>` in subsequent steps
5. Prefer $GITHUB_OUTPUT over $GITHUB_ENV wherever possible to limit blast radius

**Example**:
Before (potentially dangerous):
```yaml
  run: |
    GH_HOST=$(echo "$GITHUB_SERVER_URL" | sed 's|https://||')
    echo "GH_HOST=$GH_HOST" >> "$GITHUB_ENV"
```

After (safe — sanitized + scoped):
```yaml
  run: |
    GH_HOST=$(printf '%s' "$GITHUB_SERVER_URL" | sed 's|https://||' | tr -d '\n\r')
    echo "GH_HOST=$GH_HOST" >> "$GITHUB_OUTPUT"
  # Then reference as ${{ steps.ghes-host-config.outputs.GH_HOST }} in later steps
```

Please apply this fix to: .github/workflows/dev-hawk.md
Reference: (docs.zizmor.sh/redacted)

All Findings Details

Actionlint Expression Errors (11)

ace-editor.lock.yml

  • Line 614: needs.activation.outputs.activated — property activated not defined in activation outputs type

smoke-claude.lock.yml

  • Line 876: needs.activation.outputs.artifact_prefix — property not defined in activation outputs type
  • Line 2506: Same as above (second job)

smoke-workflow-call.lock.yml (4 errors)

  • Line 129: job.workflow_repository not in actionlint's job type
  • Line 130: job.workflow_sha not in actionlint's job type
  • Line 131: job.workflow_ref not in actionlint's job type
  • Line 132: job.workflow_file_path not in actionlint's job type

smoke-workflow-call-with-inputs.lock.yml (4 errors)

  • Same 4 job.workflow_* expression errors as above (lines 122–125)

Zizmor Obfuscation Findings (22 workflows)

All 22 use the `${{ '' }}` pattern for GH_AW_WIKI_NOTE. This is a Low-severity informational finding — the pattern appears intentional as a wiki note placeholder. No action needed unless the pattern is unintentional.

Affected: agent-performance-analyzer, audit-workflows, copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, copilot-token-audit, copilot-token-optimizer, daily-cli-performance, daily-code-metrics, daily-news, daily-testify-uber-super-expert, deep-report, delight, discussion-task-miner, firewall-escape, metrics-collector, pr-triage-agent, security-compliance, smoke-ci, workflow-health-manager

Zizmor Template Injection Findings (~28 workflows)

All flagged as Informational severity. Zizmor reports each location 3× (once per trigger variant). The "Start MCP Gateway" step name is the primary flagged location — this is likely a false positive from the step name pattern matching. No actual injection sink confirmed.

Affected: ai-moderator, auto-triage-issues, contribution-check (2 locations), daily-doc-updater, daily-issues-report, discussion-task-miner, grumpy-reviewer, issue-arborist, issue-monster, issue-triage-agent, org-health-report, plan, pr-triage-agent, q, refiner, scout, smoke-agent-all-merged, smoke-agent-all-none, smoke-agent-public-approved, smoke-agent-public-none, smoke-agent-scoped-approved, smoke-copilot, smoke-service-ports, stale-repo-identifier, weekly-blog-post-writer, weekly-issue-summary, weekly-safe-outputs-spec-review, workflow-generator

Poutine untrusted_checkout_exec Details (8 instances)

Both smoke-workflow-call.lock.yml and smoke-workflow-call-with-inputs.lock.yml flag 4 steps each:

  1. save_base_github_folders.sh — annotated with # poutine:ignore untrusted_checkout_exec
  2. create_prompt_first.sh — annotated with # poutine:ignore untrusted_checkout_exec
  3. validate_prompt_placeholders.sh — annotated with # poutine:ignore untrusted_checkout_exec
  4. print_prompt_summary.sh — annotated with # poutine:ignore untrusted_checkout_exec

All 8 instances are intentionally suppressed with poutine:ignore annotations.

Compilation Warnings (9)

  • rate-limit experimental feature: 3 warnings (agentic-observability-kit, audit-workflows, weekly-safe-outputs-spec-review)
  • codex bare mode not supported: 1 warning (daily-doc-updater)
  • mempalace MCP stdio not containerized: 1 warning (daily-doc-updater)
  • crush experimental: 2 warnings (smoke-crush — tools section ignored)
  • opencode experimental: 2 warnings (smoke-opencode — tools section ignored)
  • discussion category normalized: 1 info (commit-changes-analyzer)
  • vulnerability-alerts permission missing: 1 warning (dependabot-go-checker)

Historical Trends

  • Previous Scan: 2026-04-21 (#27661)
  • Total Findings Then: 240
  • Total Findings Now: 241
  • Change: +1 (+0.4%) — essentially stable

New Issues

None — all findings are recurring from the previous scan.

Resolved Issues

None — the github-env High finding in dev-hawk remains unresolved since 2026-04-21.

Recommendations

  1. Immediate: Fix the github-env High-severity finding in dev-hawk.md — sanitize or replace $GITHUB_ENV writes with $GITHUB_OUTPUT in the ghes-host-config step
  2. Short-term: Investigate secrets-inherit Medium finding in smoke-call-workflow — consider passing only required secrets explicitly
  3. Actionlint: Add suppressions or update actionlint config for copilot-requests false positives (99 noisy errors)
  4. Expression errors: Add actionlint.yaml config to recognize job.workflow_* properties and custom activation output fields
  5. Long-term: Review template-injection Informational findings to confirm no actual injection risk in "Start MCP Gateway" step pattern

Next Steps

  • Fix github-env High finding in dev-hawk.md (recurring since 2026-04-21)
  • Review secrets-inherit in smoke-call-workflow
  • Suppress actionlint copilot-requests false positives via .github/actionlint.yaml
  • Add actionlint type overrides for job.workflow_* and custom activation outputs

References:

Generated by Static Analysis Report · ● 215.4K ·

  • expires on Apr 29, 2026, 7:55 PM UTC
