
[plan] Review and address template injection warnings #5299

@github-actions

Objective

Review the 5 template injection warnings identified by zizmor and implement appropriate input sanitization where needed.

Context

Priority: 🔵 Priority 4 (Low/Informational security warnings)

While these are marked as Informational/Low severity, each warning should be reviewed: a GitHub expression (${{ ... }}) that is expanded directly into a run: script is substituted as text before the shell parses it, so any attacker-controlled context value (issue titles, PR bodies, branch names, comment text) can break out of the intended argument and inject commands.

Affected Workflows

  1. breaking-change-checker.md - Line 5781:9 (Informational)

    • Step: "Assign copilot to created issues"
  2. changeset.md - Line 6254:9 (Informational)

    • Step: "Configure Git credentials"
  3. duplicate-code-detector.md - Line 5668:9 (Informational)

    • Step: "Assign copilot to created issues"
  4. mcp-inspector.md - Line 1784:9 (Low)

    • Step: "Setup MCPs"
  5. release.md - Line 461:9 (Informational)

    • Step: "Setup environment and fetch release data"

Reference: (redacted)#template-injection

Approach

For each workflow:

  1. Identify the GitHub expression that triggered the warning
  2. Determine whether the expression can carry untrusted input (anything a non-maintainer can set, such as issue/PR titles and bodies, comment text, branch or fork names, commit messages)
  3. If yes, implement one of these mitigations:
    • Pass the value through an env: block (env: VAR: ${{ github.event.... }}) and reference it from the script as a shell variable ($VAR), rather than interpolating ${{ ... }} into run: directly; note that writing ${{ env.VAR }} inside run: is still text substitution and does not fix the warning
    • Use github.event.*.id (numeric IDs) instead of text fields
    • Sanitize inputs before use, after they have been passed in as environment variables
  4. If the expression only uses trusted GitHub context (e.g. github.repository, github.run_id, secrets), document why it's safe
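The following is an added demonstration, not code from the project or from any of the affected workflows. It simulates in plain sh what the Actions runner does when it expands an expression inside run: (textual substitution before the shell sees the script) and contrasts it with the env: mitigation from step 3. The issue title is a constructed attacker-controlled value; the step names and the github.event.issue.title context are used only for illustration.

```sh
#!/bin/sh
# Added example: emulate GitHub Actions template injection and its fix.
# Not part of the project's workflows; all inputs below are constructed.

# Constructed untrusted input, e.g. an issue title an attacker can set.
# The embedded double quote closes the echo argument, and the rest of the
# string is parsed by the shell as two further commands.
UNTRUSTED_TITLE='Fix bug"; echo INJECTED; echo "'

# Vulnerable pattern, equivalent to the workflow step
#   run: echo "Title: ${{ github.event.issue.title }}"
# The runner replaces the expression with the raw value in the script text,
# so the shell never sees the value as a single argument.
vulnerable_step() {
    title=$1
    # Literal string substitution, exactly as the runner performs it.
    script='echo "Title: '"$title"'"'
    sh -c "$script"
}

# Hardened pattern, equivalent to the workflow step
#   env:
#     TITLE: ${{ github.event.issue.title }}
#   run: echo "Title: $TITLE"
# The value reaches the script only through the environment; the script
# text itself is constant, so shell metacharacters in the value are data.
hardened_step() {
    TITLE="$1" sh -c 'echo "Title: $TITLE"'
}

# Stand-alone demo: the vulnerable step prints three lines (the injected
# command ran); the hardened step prints the title verbatim on one line.
echo "--- vulnerable step ---"
vulnerable_step "$UNTRUSTED_TITLE"
echo "--- hardened step ---"
hardened_step "$UNTRUSTED_TITLE"
```

The same split applies to every mitigation listed above: the workflow fix is a change to how the value is delivered to the script (environment variable or numeric ID), not a change to the script's quoting, because the substitution happens before any shell quoting is interpreted.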

Files to Review

  • .github/workflows/breaking-change-checker.md (line ~5781)
  • .github/workflows/changeset.md (line ~6254)
  • .github/workflows/duplicate-code-detector.md (line ~5668)
  • .github/workflows/mcp-inspector.md (line ~1784)
  • .github/workflows/release.md (line ~461)

Acceptance Criteria

  • All 5 template injection warnings reviewed
  • Mitigation applied or safety documented for each case
  • Zizmor scan shows reduced warnings (or documented acceptance)
  • No functional regressions in affected workflows
  • Security review notes documented in commit message

Testing

# Re-run zizmor scan on all affected workflows
gh aw compile breaking-change-checker --zizmor
gh aw compile changeset --zizmor
gh aw compile duplicate-code-detector --zizmor
gh aw compile mcp-inspector --zizmor
gh aw compile release --zizmor

Related to #5294

AI generated by Plan Command for discussion #5280
