Runner-Guard Security Finding
Rule: RGS-018 — Suspicious Payload Execution Pattern
Severity: High
Affected Workflows: 34
Total Findings: 37
Description
Runner-Guard's taint analysis scanner detected run: blocks matching code patterns associated with obfuscated payload execution or known indicators of compromise (IOCs) from active supply chain attack campaigns. This includes eval+decode chains (e.g., eval(base64.b64decode(...)), base64 --decode | bash), known malware marker variables, persistence file paths, and C2 communication patterns.
These patterns are loaded from Runner-Guard's threat signature database (updated independently of the scanner binary). A match against a known IOC indicates potential active compromise; a match against a dangerous execution pattern indicates susceptibility to this class of supply chain attack.
Impact
If any of the flagged run: blocks contain genuine IOC patterns:
- Active compromise of the CI/CD pipeline is possible
- Attacker-controlled code may execute in a privileged runner context
- Secrets, tokens, or deployment credentials may be exfiltrated
Affected Workflows
api-consumption-report, audit-workflows, changeset, ci-coach, cli-version-checker, cloclo, copilot-agent-analysis, copilot-opt, copilot-pr-merged-report, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, daily-cli-performance, daily-issues-report, daily-news, daily-safe-output-optimizer, daily-sentrux-report, deep-report, discussion-task-miner, go-logger, issue-arborist, org-health-report, prompt-clustering-analysis, safe-output-health, scout, smoke-claude, smoke-codex, smoke-copilot-arm, smoke-copilot, smoke-crush, smoke-gemini, smoke-opencode, smoke-pi, stale-repo-identifier
Sample Findings
The pattern recurs at steps like "Setup jq utilities directory" and "Write MCP Scripts Config" in multiple workflows. The scanner flags these steps based on patterns in its signature database.
Example flagged location (cloclo.lock.yml:570):
- name: Setup jq utilities directory
  # (step flagged by RGS-018 IOC pattern matcher)
Example flagged location (smoke-pi.lock.yml:746):
- name: Write MCP Scripts Config
  run: |
    mkdir -p "${RUNNER_TEMP}/gh-aw/mcp-scripts/logs"
Remediation
- Triage each flagged step — review the actual run: block content for the flagged line numbers against runner-guard's known IOC patterns
- Common false positive pattern: Steps with names like "Setup jq utilities directory" or "Write MCP Scripts Config" that create directories — these may match path-based IOC signatures (e.g., /tmp/ persistence paths)
- If legitimate: Add a # runner-guard:ignore RGS-018 comment or update the runner-guard allowlist for known-safe patterns
- If suspicious: Immediately audit the step's source and the action that introduced it
- Prevent recurrence: Pin all action versions to a commit SHA, and review any steps that write to temp directories or execute shell scripts
Detected by runner-guard v2.6.0 — CI/CD source-to-sink vulnerability scanner
Workflow run: https://github.com/github/gh-aw/actions/runs/25418588621
Generated by Static Analysis Report