You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note on duplicates: Per the dedup-by-rule-and-file policy established in #31043, no new individual runner-guard issues were created this run. All current High-severity RGS rules (RGS-004, RGS-012, RGS-018) are covered by previously-filed-and-closed issues (e.g. #30945, #30946, #30947, #30776, #30777, #30778, #29158, #29160, #29178, #29462, #29885). Yesterday's report is #31306.
Clustered Findings
Runner-Guard Taint Analysis
Rule ID
Name
Severity
Count
Unique Workflows
RGS-004
Comment-Triggered Workflow Without Author Authorization Check
High
1739
18
RGS-005
Excessive Permissions on Untrusted Trigger
Medium
54
17
RGS-018
Suspicious Payload Execution Pattern
High
29
29
RGS-012
Secret Exfiltration via Outbound HTTP Request
High
8
4
Issues created this run: none — see deduplication note above.
Zizmor Security Findings
Issue Type
Severity
Count
Unique Workflows
template-injection
Informational
39
14
obfuscation
Low
24
24
github-env
High
2
1 (dev-hawk.lock.yml)
template-injection
Low
1
1
artipacked
Medium
1
1 (daily-geo-optimizer.lock.yml)
excessive-permissions
Medium
1
1 (dependabot-repair.lock.yml)
Poutine Supply Chain Findings
Issue Type
Severity
Count
Unique Workflows
untrusted_checkout_exec
error
8
2 (smoke-workflow-call*)
github_action_from_unverified_creator_used
note
6
5
unverified_script_exec
note
2
2
pr_runs_on_self_hosted
warning
1
1
Actionlint Linting Issues
Rule
Count
shellcheck (SC2016 — expressions don't expand in single quotes)
430
permissions (unknown scope "copilot-requests")
109
expression (property not defined)
15
Top Priority Issues
1. RGS-004 — Comment-Triggered Workflow Without Author Authorization Check
Tool: runner-guard
Severity: High
Count: 1,739 (across 18 workflows — unbloat-docs.lock.yml (130), cloclo.lock.yml (116), q.lock.yml (110), tidy.lock.yml (108), mergefest.lock.yml (106) are the heaviest contributors)
Description: Workflows triggered by issue_comment, pull_request_review_comment, or workflow_run events that access secrets or write permissions without verifying github.event.comment.author_association.
Status: Covered by closed issues — no new issue this run.
2. RGS-018 — Suspicious Payload Execution Pattern
Tool: runner-guard
Severity: High
Count: 29 (one per affected workflow)
Description: A run: block contains code patterns associated with obfuscated payload execution or known IOCs.
Status: Covered by closed issues — no new issue this run.
This is the highest-severity finding from a code-quality tool that is not already tracked by a closed RGS issue, so it is the best candidate for a one-shot Copilot agent fix. Same prompt as #31306.
Issue: Dangerous use of GitHub environment file in dev-hawk.lock.yml Severity: High Affected Workflows: 1 (dev-hawk.lock.yml lines 721 and 1532)
Prompt to Copilot Agent:
You are fixing a security vulnerability identified by zizmor.
**Vulnerability**: github-env — dangerous use of environment file
**Rule**: github-env — (docs.zizmor.sh/redacted)
**File**: .github/workflows/dev-hawk.lock.yml (lines 721 and 1532)
**Current Issue**:
The workflow appends to $GITHUB_ENV using a value that may originate from
attacker-controllable input (e.g. an issue title, PR body, or comment).
When such input contains a newline, the attacker can inject arbitrary
environment variables that influence subsequent steps — including
overwriting PATH, GH_TOKEN, or other secrets.
**Required Fix**:
1. Locate the source `dev-hawk.md` markdown workflow under `.github/workflows/`
(the .lock.yml is generated; do not edit it directly).
2. For every `echo "X=$Y" >> $GITHUB_ENV` style line:
a. If $Y comes from `github.event.*` user-controllable input, do NOT
put it on $GITHUB_ENV at all. Pass it via the step `env:` block
from a literal `${{ github.event.* }}` template, OR sanitize
the value first.
b. If you must write to $GITHUB_ENV, use the heredoc form with a
random delimiter:
echo "X<<__END_$RANDOM" >> "$GITHUB_ENV"
echo "$Y" >> "$GITHUB_ENV"
echo "__END_$RANDOM" >> "$GITHUB_ENV"
and ensure $Y itself cannot contain the delimiter.
3. Recompile with `gh aw compile` so dev-hawk.lock.yml is regenerated.
4. Re-run zizmor and confirm the github-env warnings at lines 721 and 1532
are resolved.
**Example**:
Before:
- run: |
echo "TITLE=${{ github.event.issue.title }}" >> "$GITHUB_ENV"
After (use env: block, not $GITHUB_ENV):
- env:
TITLE: ${{ github.event.issue.title }}
run: |
echo "Working with title: $TITLE"
Please apply this fix to .github/workflows/dev-hawk.md and verify the
regenerated dev-hawk.lock.yml passes zizmor.
All 8 untrusted_checkout_exec findings are in smoke-workflow-call.lock.yml and smoke-workflow-call-with-inputs.lock.yml — these are smoke tests that intentionally exercise this pattern. Suppressions are already noted via # poutine:ignore untrusted_checkout_exec comments adjacent to each finding.
Actionlint top contributors
shellcheck SC2016 (430) — Expressions don't expand in single quotes: affects almost every workflow with a heredoc that uses '...' quoting for embedded ${{ ... }} expressions that should not be expanded by the shell. These are typically intentional and benign but pollute the lint stream.
permissions (109) — unknown permission scope "copilot-requests": actionlint does not yet recognize the copilot-requests permission scope that gh-aw emits. This is a known false-positive at the actionlint side; gh-aw uses the scope intentionally.
expression (15) — property "X" is not defined: mostly references to needs.activation.outputs.* and similar inter-job references in workflows like approach-validator and ace-editor.
Recommendations
Immediate: The two zizmor github-env High findings in dev-hawk.lock.yml are the highest-priority fixes that are NOT already tracked by an existing closed RGS issue. See the Copilot prompt above. (Same as [static-analysis] Report - 2026-05-10 #31306 — finding has persisted across two daily scans.)
Short-term: Triage the bulk RGS-004 finding in unbloat-docs.lock.yml/cloclo.lock.yml/q.lock.yml (each producing 100+ duplicates). A single author_association gate at the top of each workflow would erase the largest clusters.
Long-term: The RGS-018 pattern fires once per file across 29 workflows — investigate whether this is a false-positive shared template (a common Setup-jq step or similar) and tune the rule or the template.
Tooling: The actionlint copilot-requests permission false-positives (109) suggest filing an upstream actionlint config or adding a custom rule allow-list.
Analysis Summary
Findings by Tool
Note on duplicates: Per the dedup-by-rule-and-file policy established in #31043, no new individual runner-guard issues were created this run. All current High-severity RGS rules (RGS-004, RGS-012, RGS-018) are covered by previously-filed-and-closed issues (e.g. #30945, #30946, #30947, #30776, #30777, #30778, #29158, #29160, #29178, #29462, #29885). Yesterday's report is #31306.
Clustered Findings
Runner-Guard Taint Analysis
Issues created this run: none — see deduplication note above.
Zizmor Security Findings
dev-hawk.lock.yml)daily-geo-optimizer.lock.yml)dependabot-repair.lock.yml)Poutine Supply Chain Findings
Actionlint Linting Issues
Top Priority Issues
1. RGS-004 — Comment-Triggered Workflow Without Author Authorization Check
unbloat-docs.lock.yml(130),cloclo.lock.yml(116),q.lock.yml(110),tidy.lock.yml(108),mergefest.lock.yml(106) are the heaviest contributors)issue_comment,pull_request_review_comment, orworkflow_runevents that access secrets or write permissions without verifyinggithub.event.comment.author_association.2. RGS-018 — Suspicious Payload Execution Pattern
run:block contains code patterns associated with obfuscated payload execution or known IOCs.3. zizmor
github-env(High).github/workflows/dev-hawk.lock.ymllines 721, 1532$GITHUB_ENVfrom untrusted input can lead to env-var injection.Fix Suggestion for zizmor
github-env(High)This is the highest-severity finding from a code-quality tool that is not already tracked by a closed RGS issue, so it is the best candidate for a one-shot Copilot agent fix. Same prompt as #31306.
Issue: Dangerous use of GitHub environment file in
dev-hawk.lock.ymlSeverity: High
Affected Workflows: 1 (
dev-hawk.lock.ymllines 721 and 1532)Prompt to Copilot Agent:
Historical Trends
New Issues
Resolved Issues
copilot-requests).All Findings Details
Runner-Guard High-severity affected workflows
RGS-004 (18 workflows, 1739 findings — counts per file):
unbloat-docs.lock.yml(130),cloclo.lock.yml(116),q.lock.yml(110),tidy.lock.yml(108),mergefest.lock.yml(106),scout.lock.yml(105),pdf-summary.lock.yml(103),approach-validator.lock.yml(102),plan.lock.yml(100),pr-nitpick-reviewer.lock.yml(98),pr-code-quality-reviewer.lock.yml(98),grumpy-reviewer.lock.yml(98),security-review.lock.yml(84),archie.lock.yml(81),brave.lock.yml(79),ai-moderator.lock.yml(79),ace-editor.lock.yml(74),dev-hawk.lock.yml(68)RGS-018 (29 workflows, 1 each):
api-consumption-report.lock.yml,audit-workflows.lock.yml,changeset.lock.yml,ci-coach.lock.yml,cli-version-checker.lock.yml,cloclo.lock.yml,copilot-agent-analysis.lock.yml,copilot-opt.lock.yml,copilot-pr-merged-report.lock.yml,copilot-pr-nlp-analysis.lock.yml,copilot-pr-prompt-analysis.lock.yml,copilot-session-insights.lock.yml,copilot-setup-steps.yml,daily-cli-performance.lock.yml,daily-issues-report.lock.yml,daily-news.lock.yml,daily-safe-output-optimizer.lock.yml,daily-sentrux-report.lock.yml,deep-report.lock.yml,discussion-task-miner.lock.yml,go-logger.lock.yml,issue-arborist.lock.yml,org-health-report.lock.yml,prompt-clustering-analysis.lock.yml,safe-output-health.lock.yml,scout.lock.yml,smoke-claude.lock.yml,smoke-codex.lock.yml,stale-repo-identifier.lock.ymlRGS-012 (4 workflows, 8 findings):
daily-model-inventory.lock.yml(4),visual-regression-checker.lock.yml(2),unbloat-docs.lock.yml(1),docs-noob-tester.lock.yml(1)Zizmor High & Medium findings (4 total)
.github/workflows/dev-hawk.lock.yml.github/workflows/dev-hawk.lock.yml.github/workflows/daily-geo-optimizer.lock.yml.github/workflows/dependabot-repair.lock.ymlPoutine error findings (8 total)
All 8
untrusted_checkout_execfindings are insmoke-workflow-call.lock.ymlandsmoke-workflow-call-with-inputs.lock.yml— these are smoke tests that intentionally exercise this pattern. Suppressions are already noted via# poutine:ignore untrusted_checkout_execcomments adjacent to each finding.Actionlint top contributors
Expressions don't expand in single quotes: affects almost every workflow with a heredoc that uses'...'quoting for embedded${{ ... }}expressions that should not be expanded by the shell. These are typically intentional and benign but pollute the lint stream.unknown permission scope "copilot-requests": actionlint does not yet recognize thecopilot-requestspermission scope that gh-aw emits. This is a known false-positive at the actionlint side; gh-aw uses the scope intentionally.property "X" is not defined: mostly references toneeds.activation.outputs.*and similar inter-job references in workflows likeapproach-validatorandace-editor.Recommendations
github-envHigh findings indev-hawk.lock.ymlare the highest-priority fixes that are NOT already tracked by an existing closed RGS issue. See the Copilot prompt above. (Same as [static-analysis] Report - 2026-05-10 #31306 — finding has persisted across two daily scans.)unbloat-docs.lock.yml/cloclo.lock.yml/q.lock.yml(each producing 100+ duplicates). A singleauthor_associationgate at the top of each workflow would erase the largest clusters.copilot-requestspermission false-positives (109) suggest filing an upstream actionlint config or adding a custom rule allow-list.Next Steps
github-envindev-hawk.lock.yml(2 days outstanding)artipackedindaily-geo-optimizer,excessive-permissionsindependabot-repair)untrusted_checkout_execpatterns in smoke tests via# poutine:ignorecommentsReferences: