Static Analysis Report - 2026-04-02

[github-actions[bot]]

Analysis Summary

Daily static analysis scan of all agentic workflows using zizmor, poutine, and actionlint. Total findings decreased marginally by 1 versus the previous scan (8601 → 8600), though the composition shifted: zizmor findings dropped by 230 while actionlint findings grew by 229, reflecting new workflow additions and incremental shellcheck growth.

• Tools Used: zizmor (security), poutine (supply chain), actionlint (linting + shellcheck)
• Total Findings: 8,600
• Workflows Scanned: 179
• Workflows Compiled Successfully: 179 (0 errors, 17 warnings)

Findings by Tool

Tool	Total	Critical	High	Medium	Low	Info/Note
zizmor (security)	3,762	0	30	3,630	20	82
poutine (supply chain)	19	0	0	2	7	10
actionlint (linting)	4,819	—	—	—	—	4,819
Total	8,600	0	30	3,632	27	4,911

---

Clustered Findings by Tool and Type

Zizmor Security Findings

Issue Type	Severity	Count	Affected Workflows
secrets-outside-env	Medium	3,627	179 (all)
template-injection	High (24) + Informational (82)	106	47
obfuscation	Low	20	~20
unpinned-uses	High	5	1 (daily-fact)
github-env	High	1	1 (dev-hawk)
artipacked	Medium	1	1
secrets-inherit	Medium	1	1

Poutine Supply Chain Findings

Issue Type	Severity	Count	Affected Workflows
untrusted_checkout_exec	Error	6	smoke-workflow-call, smoke-workflow-call-with-inputs
pr_runs_on_self_hosted	Warning	2	dev, smoke-copilot-arm
github_action_from_unverified_creator_used	Note	7	smoke-codex, mcp-inspector, super-linter, link-check, copilot-setup-steps
unverified_script_exec	Note	2	copilot-setup-steps, daily-copilot-token-report
unpinnable_action	Note	2	.github/actions (local)

Actionlint Linting Issues

Issue Type	Count	Description
shellcheck SC2086	4,545	Unquoted variables (globbing/word splitting)
shellcheck SC2129	174	Individual redirects (style)
permissions	74	Unknown scope copilot-requests: write
expression	13	Undefined output properties (imageid, activated, artifact_prefix)
runner-label	12	Unknown runner labels
shellcheck SC2012	1	Use find instead of ls

---

Top Priority Issues

1. Template Injection (High Severity — 47 Workflows)

• Tool: zizmor
• Count: 106 total (24 High, 82 Informational)
• Severity: High
• Affected: 47 workflows including audit-workflows, copilot-pr-nlp-analysis, copilot-session-insights, daily-code-metrics, daily-firewall-report, daily-news, issue-monster, poem-bot, scout, q, and 37 more
• Description: $\{\{ github.event.* }} expressions directly interpolated into run: shell scripts, enabling shell command injection via crafted issue titles, comment bodies, or PR branch names
• Impact: An attacker can execute arbitrary commands in the runner by creating an issue or comment with shell metacharacters
• Reference: (docs.zizmor.sh/redacted)

2. Unknown Permission Scope copilot-requests (74 Occurrences — ~41 Workflows)

• Tool: actionlint
• Count: 74
• Description: Workflows use copilot-requests: write which is not a recognized GitHub Actions permission scope
• Impact: Linting failure; the permission may be silently ignored or cause unexpected behavior

3. Expression Property Undefined (13 Occurrences — ~10 Workflows)

• Tool: actionlint
• Count: 13
• Affected: Workflows using runner.imageid, activation.outputs.activated, activation.outputs.artifact_prefix
• Description: Accessing properties not defined in the output type — likely schema mismatches or stale output definitions

4. Untrusted Checkout Exec — Poutine (6 Occurrences — 2 Workflows)

• Tool: poutine
• Count: 6
• Severity: Error
• Affected: smoke-workflow-call, smoke-workflow-call-with-inputs
• Description: bash scripts executed from checkout in workflows triggered by PRs — arbitrary code execution risk from untrusted contributors
• Note: Lines are marked # poutine:ignore untrusted_checkout_exec but findings still surface

---

Fix Suggestion for Template Injection

Issue: template-injection — Code Injection via Template Expansion
Severity: High
Affected Workflows: 47 workflows (24 with High severity)
Reference: (docs.zizmor.sh/redacted)

Prompt to Copilot Agent:

You are fixing a security vulnerability identified by zizmor in GitHub Actions workflows.

**Vulnerability**: template-injection — Code Injection via Template Expansion
**Rule**: template-injection
**Reference**: (docs.zizmor.sh/redacted)
**Severity**: High

**Current Issue**:
GitHub Actions $\{\{ expression }} template syntax is used directly inside run: shell scripts
with user-controlled values (e.g. github.event.issue.title, github.event.comment.body,
github.head_ref). An attacker can craft a malicious issue title or comment to inject
arbitrary shell commands.

**Required Fix**:
Replace all $\{\{ user_controlled_expression }} inside run: scripts with environment variables.
Move the value to the step's env: block and reference it as a shell variable $VAR_NAME.

Before (vulnerable):
  - name: Process
    run: |
      echo "$\{\{ github.event.issue.title }}"

After (safe):
  - name: Process
    env:
      ISSUE_TITLE: $\{\{ github.event.issue.title }}
    run: |
      echo "\$\{ISSUE_TITLE}"

Safe to keep inline (not user-controlled):
  - $\{\{ github.run_id }}  (numeric)
  - $\{\{ github.sha }}  (hex)
  - $\{\{ runner.temp }}  (path)

Must move to env: (user-controlled):
  - github.event.issue.title / body / number
  - github.event.comment.body
  - github.event.pull_request.title / head.ref
  - github.event.*.name fields

Please apply this fix to all affected workflow .md files.
Affected workflows (High severity): audit-workflows, copilot-pr-nlp-analysis,
copilot-session-insights, daily-code-metrics, daily-copilot-token-report,
daily-firewall-report, daily-integrity-analysis, daily-issues-report,
daily-multi-device-docs-tester, daily-news, daily-performance-summary,
daily-repo-chronicle, deep-report, docs-noob-tester, github-mcp-structural-analysis,
grumpy-reviewer, issue-arborist, issue-monster, issue-triage-agent, org-health-report,
plan, poem-bot, portfolio-analyst, pr-triage-agent, python-data-charts, q, refiner,
scout, smoke-agent-all-merged, smoke-agent-all-none, smoke-agent-public-approved,
smoke-agent-public-none, smoke-agent-scoped-approved, smoke-copilot, smoke-service-ports,
stale-repo-identifier, technical-doc-writer, unbloat-docs, weekly-blog-post-writer,
weekly-editors-health-check, weekly-issue-summary, weekly-safe-outputs-spec-review,
workflow-generator, discussion-task-miner, daily-doc-updater, contribution-check,
auto-triage-issues

---

All Findings Details by Category

Zizmor: secrets-outside-env (Medium — 3,627 occurrences)

All 179 workflows are flagged because secrets are referenced in jobs that do not use a named GitHub environment (environment:). This is a widespread structural pattern in the gh-aw harness. zizmor recommends using named environments to constrain secret access, but this would require significant harness-level changes.

Zizmor: unpinned-uses (High — 5 occurrences in daily-fact)

daily-fact uses github/gh-aw-actions/setup@v0 (a mutable tag). This should be pinned to a specific SHA for supply chain security.

Zizmor: github-env (High — 1 occurrence in dev-hawk)

dev-hawk writes untrusted data to $GITHUB_ENV, which can set environment variables for subsequent steps — potential environment injection vector.

Actionlint: expression undefined properties

• runner.imageid — used in 10 workflows via qmd experimental feature
• activation.outputs.activated — used in ace-editor
• activation.outputs.artifact_prefix — used in smoke-claude

These likely reflect schema drift between the workflow compiler's output type definitions and actual field names.

Poutine: github_action_from_unverified_creator_used (Note)

Third-party actions from unverified publishers:

• actions-ecosystem/action-add-labels (smoke-codex)
• astral-sh/setup-uv (mcp-inspector, copilot-setup-steps, daily-copilot-token-report)
• gaurav-nelson/github-action-markdown-link-check (link-check)
• super-linter/super-linter (super-linter)

All are pinned to commit SHAs, which mitigates the risk.

---

Historical Trends

Date	Total	Zizmor	Poutine	Actionlint	Workflows
2026-03-29	7,383	3,455	6	3,928	178
2026-03-30	8,520	3,953	6	4,561	178
2026-03-31	8,562	3,977	19	4,566	178
2026-04-01	8,601	3,992	19	4,590	179
2026-04-02	8,600	3,762	19	4,819	179

Changes vs. yesterday (2026-04-01):

• Total: -1 (essentially stable)
• Zizmor: -230 (secrets-outside-env decreased from 3,861 → 3,627)
• Poutine: 0 (stable — no new supply chain findings)
• Actionlint: +229 (SC2086 increased from 4,309 → 4,545, likely tracking workflow growth)

New Issues (vs. 2026-04-01)

• No new issue types detected

Resolved Issues

• No issue types fully resolved

---

Recommendations

1. Immediate — Fix template-injection (High): Apply the Copilot agent prompt above to the 24 High-severity workflows. This eliminates a real shell injection attack vector.
2. Short-term — Fix github-env in dev-hawk: Audit what is written to $GITHUB_ENV and sanitize or remove it.
3. Short-term — Pin daily-fact action: Replace @v0 with a specific commit SHA for github/gh-aw-actions/setup.
4. Medium-term — Fix expression undefined properties: Investigate runner.imageid (qmd experimental feature), activation.outputs.activated (ace-editor schema), and activation.outputs.artifact_prefix (smoke-claude).
5. Long-term — Ecosystem identifier for Go proxy: Replace individual proxy.golang.org / sum.golang.org firewall domains with the go ecosystem identifier in issue-triage-agent.
6. Ongoing — SC2086 shellcheck: The harness uses bash \$\{RUNNER_TEMP}/... extensively with unquoted \$\{}. While low-risk (RUNNER_TEMP is system-controlled), quoting would clean up the noise.

Next Steps

• Apply template-injection fix to all 47 affected workflows using the Copilot agent prompt above
• Fix github-env write in dev-hawk
• Pin daily-fact action reference to a SHA
• Investigate and fix undefined expression properties (imageid, activated, artifact_prefix)
• Review smoke-workflow-call untrusted_checkout_exec — determine if poutine:ignore suppression is appropriate

References:

• §23918626895

AI generated by Static Analysis Report · history

• expires on Apr 3, 2026, 7:49 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Static Analysis Report.

A newer discussion is available at Discussion #24358.