[static-analysis] Report - 2026-04-23 #28157

Analysis Summary

Static analysis scan completed on 2026-04-23 using four tools against all 200 agentic workflow files in this repository. All 200 workflows compiled successfully.

  • Tools Used: zizmor, poutine, actionlint, runner-guard
  • Total Findings: 1,785
  • Workflows Scanned: 200
  • Workflows with Findings: ~90

Findings by Tool

Tool                           Total  Critical  High   Medium  Low/Info
-----------------------------  -----  --------  -----  ------  --------
runner-guard (taint analysis)  1,538  0         1,492  46      0
actionlint (linting)           114    -         -      -       114
zizmor (security)              109    0         0      1       108
poutine (supply chain)         24     0         8      1       15

Runner-Guard Taint Analysis

Runner-Guard Score: N/A (individual rule severities below)

Rule ID  Name                                                           Severity  Count  Affected Workflows
-------  -------------------------------------------------------------  --------  -----  ------------------
RGS-004  Comment-Triggered Workflow Without Author Authorization Check  High      1,388  16
RGS-008  Secret Directly Interpolated in run Block                      High      62     61
RGS-018  Suspicious Payload Execution Pattern                           High      40     37
RGS-005  Excessive Permissions on Untrusted Trigger                     Medium    46     2
RGS-006  Curl-Pipe-Bash Remote Code Execution                           High      2      2

Issues created for Critical/High findings:

Clustered Findings by Tool

Actionlint Linting Issues

Issue Type                                 Count  Affected Workflows
-----------------------------------------  -----  ------------------
copilot-requests unknown permission scope  102    ~51 (generated lock files)
Undefined expression properties            11     ace-editor, smoke-claude, smoke-workflow-call, smoke-workflow-call-with-inputs
shellcheck SC2129 style                    1      daily-astrostylelite-markdown-spellcheck

The copilot-requests: write permission scope is not recognized by actionlint's built-in list — this is likely a GitHub-internal or preview permission. The expression errors flag properties like activated, artifact_prefix, workflow_repository, workflow_sha, workflow_ref, workflow_file_path as undefined in their respective object types.

Zizmor Security Findings

Issue Type               Severity       Count  Affected Workflows
-----------------------  -------------  -----  ------------------
template-injection       Informational  84     29
obfuscation (${{ '' }})  Low            23     23
secrets                  Medium         1      1
pr_runs_on_self_hosted   Low            1      1

The template-injection findings are Informational severity — zizmor flags step names as potential injection points, but the actual step bodies don't show evidence of user-controlled data flowing into execution. The obfuscation findings relate to the GH_AW_WIKI_NOTE: ${{ '' }} pattern used intentionally across many workflows.

Poutine Supply Chain Findings

Issue Type                                  Severity  Count  Affected Workflows
------------------------------------------  --------  -----  ------------------
untrusted_checkout_exec                     Error     8      smoke-workflow-call-with-inputs, others
github_action_from_unverified_creator_used  Note      9      mcp-inspector, copilot-token-audit, super-linter, etc.
unverified_script_exec (curl|bash)          Note      6      copilot-token-optimizer, copilot-token-audit, copilot-setup-steps, agentic-optimization-kit
pr_runs_on_self_hosted                      Warning   1      1

Top Priority Issues

1. RGS-004: Comment-Triggered Workflow Without Author Authorization Check

  • Tool: runner-guard
  • Count: 1,388 instances across 16 workflows
  • Severity: High
  • Affected: ace-editor, ai-moderator, archie, brave, cloclo, dev-hawk, grumpy-reviewer, mergefest, pdf-summary, plan, pr-nitpick-reviewer, q, scout, security-review, tidy, unbloat-docs
  • Impact: Any GitHub user can trigger privileged workflows by commenting on issues

2. RGS-008: Secret Directly Interpolated in run Block

  • Tool: runner-guard
  • Count: 62 instances across 61 workflows
  • Severity: High
  • Affected: Most daily-* and smoke-* workflows
  • Impact: Secrets exposed in shell script text, process listings, and shell history

3. RGS-018: Suspicious Payload Execution Pattern

  • Tool: runner-guard
  • Count: 40 instances across 37 workflows
  • Severity: High
  • Affected: go-logger, smoke-*, copilot-*, daily-* and others
  • Impact: May indicate active compromise or susceptibility to supply chain attacks

Fix Suggestion for RGS-008 (Most Actionable)

Issue: Secret Directly Interpolated in run Block
Severity: High
Affected Workflows: 61 workflows

Prompt to Copilot Agent:

You are fixing a security vulnerability identified by runner-guard (RGS-008).

**Vulnerability**: Secret Directly Interpolated in run Block
**Rule**: RGS-008

**Current Issue**:
Secrets using ${{ secrets.* }}, ${{ github.token }}, or ${{ env.GITHUB_TOKEN }}
are directly embedded inside run: block shell scripts. They must be moved to
the env: mapping instead.

**Required Fix**:
For every run: block containing ${{ secrets.* }} or ${{ github.token }} directly
in the shell script, move those values to an env: section above run:

Before:
  - name: API Call
    run: |
      curl -H "Authorization: Bearer $(echo ${{ secrets.MY_TOKEN }})" ...

After:
  - name: API Call
    env:
      MY_TOKEN: ${{ secrets.MY_TOKEN }}
    run: |
      curl -H "Authorization: Bearer ${MY_TOKEN}" ...

Apply this fix to all affected workflow files. The ${{ }} expressions should
only appear in the env: mapping, never inside the run: script body.

Affected workflows include: all daily-*, most smoke-* workflows, and
agentic-observability-kit, agentic-optimization-kit, api-consumption-report,
audit-workflows, ci, prompt-clustering-analysis, stale-repo-identifier.

All Findings Details by Tool

Actionlint — Unknown Permission Scope (copilot-requests)

Affecting agent-performance-analyzer, agentic-optimization-kit, archie, architecture-guardian, artifacts-summary, auto-triage-issues, brave, breaking-change-checker, ci-coach, claude-code-user-docs-review, cli-consistency-checker, code-scanning-fixer, copilot-cli-deep-research, copilot-pr-merged-report, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-token-audit, craft, daily-architecture-diagram, daily-assign-issue-to-user, daily-cli-performance, daily-compiler-quality, daily-file-diet, daily-hippo-learn, daily-malicious-code-scan, daily-mcp-concurrency-analysis, daily-news, daily-repo-chronicle, daily-safe-output-integrator, daily-secrets-analysis, daily-security-red-team, daily-semgrep-scan, daily-syntax-error-quality, daily-testify-uber-super-expert, daily-workflow-updater, dead-code-remover, delight, dev-hawk, dev, dictation-prompt, discussion-task-miner, docs-noob-tester, draft-pr-cleanup, firewall-escape, refactoring-cadence, security-review, smoke-create-cross-repo-pr, smoke-update-cross-repo-pr, spec-extractor, spec-librarian, test-quality-sentinel, dependabot-go-checker (vulnerability-alerts)

Actionlint — Undefined Expression Properties

  • ace-editor: needs.activation.outputs.activated undefined
  • smoke-claude: needs.activation.outputs.artifact_prefix undefined (x2)
  • smoke-workflow-call / smoke-workflow-call-with-inputs: job.workflow_repository, job.workflow_sha, job.workflow_ref, job.workflow_file_path undefined

Zizmor — Template Injection (Informational)

Affecting 29 workflows: ai-moderator, auto-triage-issues, contribution-check, daily-doc-updater, daily-issues-report, daily-token-consumption-report, discussion-task-miner, grumpy-reviewer, issue-arborist, issue-monster, issue-triage-agent, org-health-report, plan, pr-triage-agent, q, refiner, scout, smoke-agent-all-merged/none/public-approved/none/scoped-approved, smoke-copilot, smoke-service-ports, stale-repo-identifier, weekly-blog-post-writer, weekly-issue-summary, weekly-safe-outputs-spec-review, workflow-generator

Zizmor — Obfuscation (Low)

Affecting 23 workflows using the GH_AW_WIKI_NOTE: ${{ '' }} pattern: agent-performance-analyzer, agentic-optimization-kit, audit-workflows, copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, copilot-token-audit, copilot-token-optimizer, daily-cli-performance, daily-code-metrics, daily-news, daily-testify-uber-super-expert, deep-report, delight, discussion-task-miner, firewall-escape, metrics-collector, pr-triage-agent, security-compliance, smoke-ci, workflow-health-manager

Poutine — Unverified Actions

  • astral-sh/setup-uv@eac588... (mcp-inspector, copilot-token-audit, copilot-setup-steps, agentic-optimization-kit)
  • gaurav-nelson/github-action-markdown-link-check (link-check)
  • super-linter/super-linter (super-linter)

Poutine — Unverified Script Execution

  • curl -fsSL https://raw.githubusercontent.com/github/gh-aw/refs/heads/main/install-gh-aw.sh | bash in copilot-token-optimizer, copilot-token-audit, copilot-setup-steps, agentic-optimization-kit

Historical Trends

  • Previous Scan: None (first scan)
  • Total Findings Now: 1,785
  • Baseline established: 2026-04-23

Recommendations

  1. Immediate (High): Fix RGS-004 — add author_association checks to all 16 comment-triggered workflows
  2. Immediate (High): Fix RGS-008 — move 62 inline secret interpolations to env: mappings
  3. Immediate (High): Investigate RGS-018 — review 40 flagged patterns for potential IOC matches
  4. Short-term: Fix RGS-006 — replace curl|bash patterns with pinned, verified script references
  5. Short-term: Resolve poutine untrusted_checkout_exec errors in 8 workflows
  6. Long-term: Update actionlint schema to recognize copilot-requests permission scope
  7. Prevention: Add these tools to pre-commit hooks and CI validation

Next Steps

References:

Generated by Static Analysis Report · ● 341K ·

  • expires on Apr 30, 2026, 8:01 PM UTC
