Static Analysis Report - 2026-03-25

[github-actions[bot]]

Analysis Summary

Daily static analysis scan of 178 workflows using zizmor (security), poutine (supply chain), and actionlint (linting). One new workflow was added since yesterday, contributing to proportional increases in raw finding counts. The overall security posture is stable — no new high-severity issues emerged, and compiler warnings improved significantly (-15).

• Tools Used: zizmor, poutine, actionlint
• Total Findings: ~8,342 raw (zizmor: 3,953 · poutine: 19 · actionlint: 4,370)
• Workflows Scanned: 178 (+1 from yesterday)
• Compiler Warnings: 17 (improved from 32 yesterday)

Findings by Tool

Tool	Total	Critical	High	Medium	Low/Info
zizmor (security)	3,953	0	24	3,855	74
poutine (supply chain)	19	0	6 (error)	2 (warning)	11 (note)
actionlint (linting)	4,370	—	—	—	4,370

Clustered Findings by Tool and Type

Zizmor Security Findings

Issue Type	Severity	Count	Scope
secrets-outside-env	Medium	3,853	All 178 workflows
template-injection	High	24	24 workflows
template-injection	Informational	49	Multiple workflows
obfuscation	Low	20	Multiple workflows
artipacked	Medium	1	1 workflow
secrets-inherit	Medium	1	smoke-call-workflow

Poutine Supply Chain Findings

Issue Type	Severity	Count	Affected Workflows
untrusted_checkout_exec	Error	6	smoke-workflow-call, smoke-workflow-call-with-inputs
pr_runs_on_self_hosted	Warning	2	smoke-copilot-arm, dev
github_action_from_unverified_creator_used	Note	7	Multiple
unverified_script_exec	Note	2	copilot-setup-steps, daily-copilot-token-report
unpinnable_action	Note	2	.github/actions/daily-perf-improver, .github/actions/daily-test-improver

Actionlint Linting Issues

Issue Type	Count	Description
shellcheck SC2086	4,133	Double-quote to prevent globbing/word splitting
shellcheck SC2129	~173	Consider combined redirects
permissions (copilot-requests)	41	Unknown permission scope
expression (undefined outputs)	11	Undefined output properties referenced in needs.*
runner-label	12	Unknown runner labels (e.g., aw-gpu-runner-T4)

Top Priority Issues

1. Template Injection (zizmor) — ⚠️ High Severity, 11 days persistent

• Tool: zizmor
• Count: 24 High + 49 Informational = 73 total
• Severity: High (escalated from Informational on 2026-03-24)
• Affected: audit-workflows, copilot-pr-nlp-analysis, copilot-session-insights, daily-code-metrics, daily-copilot-token-report, daily-firewall-report, daily-integrity-analysis, daily-issues-report, daily-multi-device-docs-tester, daily-news, daily-performance-summary, daily-repo-chronicle, deep-report, docs-noob-tester, github-mcp-structural-analysis, org-health-report, poem-bot, portfolio-analyst, python-data-charts, stale-repo-identifier, technical-doc-writer, unbloat-docs, weekly-editors-health-check, weekly-issue-summary
• Description: GitHub Actions expressions are interpolated into run: scripts using $\{\{ }} syntax, creating potential for injection attacks if any inputs come from untrusted sources (issue titles, PR bodies, user comments).
• Impact: An attacker who can control the content of an issue title, PR title, or comment can inject arbitrary shell commands that execute in the CI runner context.
• Reference: (docs.zizmor.sh/redacted)

2. Untrusted Checkout Execution (poutine) — 🔴 Error, Day 11 Unresolved

• Tool: poutine
• Count: 6 findings
• Severity: Error (highest poutine level)
• Affected: smoke-workflow-call, smoke-workflow-call-with-inputs
• Description: Arbitrary Code Execution from Untrusted Code Changes — bash scripts execute code from a PR branch checkout without verification.
• Impact: Malicious PR contributor could execute arbitrary code on CI runners.

3. Secrets Outside Environment (zizmor) — Medium, Systemic

• Tool: zizmor
• Count: 3,853 findings across all 178 workflows
• Severity: Medium
• Description: Secrets referenced directly (e.g., $\{\{ secrets.TOKEN }}) instead of via a dedicated env: block. Reduces auditability and increases the attack surface.
• Reference: (docs.zizmor.sh/redacted)

Fix Suggestion for Template Injection

Issue: Template Injection via $\{\{ }} expressions in run: scripts
Severity: High
Affected Workflows: 24 workflows at High severity

Prompt to Copilot Agent:

You are fixing a High-severity security vulnerability identified by zizmor (template-injection).

**Vulnerability**: Template Injection
**Rule**: template-injection — (docs.zizmor.sh/redacted)

**Current Issue**:
GitHub Actions workflows use `$\{\{ }}` expressions directly inside `run:` shell scripts.
When these expressions contain untrusted input (issue/PR titles, body text, user-provided
values), an attacker can inject arbitrary shell commands.

Example of vulnerable code:
```yaml
- name: Process issue
  run: |
    echo "Processing: $\{\{ github.event.issue.title }}"
    gh issue comment $\{\{ github.event.issue.number }} --body "Done"

Required Fix:
Pass untrusted GitHub context values through environment variables instead of
interpolating them directly into shell scripts.

Step 1 – Identify all run: steps that use $\{\{ }} expressions containing
potentially untrusted values: issue/PR titles, bodies, comments, branch names,
commit messages, user logins from external actors.

Step 2 – For each such step, move the expression to an env: block and reference
it as a shell variable:

- name: Process issue
  env:
    ISSUE_TITLE: $\{\{ github.event.issue.title }}
    ISSUE_NUMBER: $\{\{ github.event.issue.number }}
  run: |
    echo "Processing: $ISSUE_TITLE"
    gh issue comment "$ISSUE_NUMBER" --body "Done"

Step 3 – Trusted, non-injectable values (e.g., github.run_id, github.sha,
hardcoded strings, numeric IDs from your own repo) do NOT need to be moved.
Focus only on values that could be attacker-controlled.

Step 4 – Quote all shell variable references with double quotes to prevent
word-splitting.

Affected workflow files to fix (24 High-severity):

• .github/workflows/audit-workflows.md
• .github/workflows/copilot-pr-nlp-analysis.md
• .github/workflows/copilot-session-insights.md
• .github/workflows/daily-code-metrics.md
• .github/workflows/daily-copilot-token-report.md
• .github/workflows/daily-firewall-report.md
• .github/workflows/daily-integrity-analysis.md
• .github/workflows/daily-issues-report.md
• .github/workflows/daily-multi-device-docs-tester.md
• .github/workflows/daily-news.md
• .github/workflows/daily-performance-summary.md
• .github/workflows/daily-repo-chronicle.md
• .github/workflows/deep-report.md
• .github/workflows/docs-noob-tester.md
• .github/workflows/github-mcp-structural-analysis.md
• .github/workflows/org-health-report.md
• .github/workflows/poem-bot.md
• .github/workflows/portfolio-analyst.md
• .github/workflows/python-data-charts.md
• .github/workflows/stale-repo-identifier.md
• .github/workflows/technical-doc-writer.md
• .github/workflows/unbloat-docs.md
• .github/workflows/weekly-editors-health-check.md
• .github/workflows/weekly-issue-summary.md

<details>
<summary><b>Detailed Findings Summary by Category</b></summary>

#### Zizmor — secrets-outside-env (3,853 findings)
Affects all 178 workflows. Each workflow has multiple `$\{\{ secrets.* }}` references outside a dedicated `env:` block. This is a systemic pattern across the entire repository.

#### Zizmor — template-injection (73 findings)
- **24 High severity**: Direct injection of untrusted GitHub context into shell `run:` commands
- **49 Informational**: Less-critical interpolations flagged for review
- First appeared as Informational on 2026-03-23 (49 findings), escalated to 24 High on 2026-03-24

#### Zizmor — obfuscation (20 findings)
Low-severity findings related to obfuscated usage of GitHub Actions features (e.g., indirect context references). Present since 2026-03-10.

#### Poutine — untrusted_checkout_exec (6 findings, Day 11)
Introduced 2026-03-15, briefly resolved 2026-03-18, re-emerged 2026-03-19. The two affected smoke test workflows checkout PR branches and execute bash commands, creating ACE risk.

#### Actionlint — shellcheck SC2086 (4,133 findings)
Systemic across all workflows. The compiled `.lock.yml` files use `\$\{RUNNER_TEMP}/gh-aw/actions/*.sh` patterns without double-quoting `$RUNNER_TEMP`. This is a low-risk pattern since `RUNNER_TEMP` is a trusted runner-provided variable, but shellcheck flags it for style compliance.

#### Actionlint — permissions/copilot-requests (41 findings)
GitHub Actions' actionlint does not recognize `copilot-requests: write` as a valid permission scope. This is a gh-aw framework-specific scope that may not be in the official GitHub Actions permission schema yet.

#### Actionlint — expression/undefined-outputs (11 findings)
Workflows reference output properties (e.g., `needs.activation.outputs.activated`) that are not defined in the output schema. This typically means the output was removed or renamed in the source job.

#### Actionlint — runner-label (12 findings)
Custom runner labels like `aw-gpu-runner-T4` and `ubuntu-24.04-arm` are unknown to actionlint's runner label schema. These are legitimate self-hosted or GitHub-hosted runners not in actionlint's default allowlist.

</details>

### Historical Trends

- **Previous Scan**: 2026-03-24 (177 workflows)
- **Today**: 2026-03-25 (178 workflows, +1 new)

| Metric | 2026-03-24 | 2026-03-25 | Delta |
|--------|------------|------------|-------|
| Workflows | 177 | 178 | +1 |
| Actionlint raw | 3,898 | 4,370 | +472 |
| Zizmor raw | 3,925 | 3,953 | +28 |
| Poutine raw | 20 | 19 | -1 |
| Compiler warnings | 32 | 17 | **-15 ✅** |

**Long-term context** (from 2026-02-21 baseline):
- Workflows grew: 156 → 178 (+22, +14%)
- Actionlint escalated dramatically starting 2026-03-14 when shellcheck SC2086 became a dominant finding (was ~43, now ~4,370)
- Zizmor escalated starting 2026-03-09 when secrets-outside-env became fully audited (was 4, now 3,953)
- Poutine untrusted_checkout_exec re-emerged 2026-03-19, unresolved for 11 days

**Resolved Issues (since 2026-03-24)**:
- `github-env` (High): RESOLVED — 0 findings (was 8)
- `unpinned-uses` (High): RESOLVED — 0 findings (was 2)

**New Issues**:
- No new issue types introduced today

### Recommendations

1. **Immediate** (High priority): Fix `template-injection` High findings in 24 workflows — use the Copilot agent fix prompt above
2. **Immediate** (Day 11): Resolve `untrusted_checkout_exec` in `smoke-workflow-call` and `smoke-workflow-call-with-inputs` — restrict bash execution to trusted code paths
3. **Short-term**: Address `expression` undefined-output errors (11 findings) — these may indicate broken workflow logic
4. **Long-term**: Establish a systematic fix for `secrets-outside-env` (3,853 findings) — consider a bulk migration to `env:` blocks
5. **Ongoing**: `permissions/copilot-requests` errors (41) require either actionlint config update to recognize the custom scope, or GitHub Actions schema update

### Next Steps

- [ ] Apply Copilot agent fix prompt for `template-injection` across 24 High-severity workflows
- [ ] Investigate and resolve `untrusted_checkout_exec` in smoke workflow files (Day 11)
- [ ] Review `expression` undefined-output errors — may indicate broken activation logic
- [ ] Add `copilot-requests` to actionlint's known permission scopes configuration
- [ ] Evaluate bulk fix for `secrets-outside-env` using environment variable migration

**References:** [§23560504685](https://github.com/github/gh-aw/actions/runs/23560504685)


> AI generated by [Static Analysis Report](https://github.com/github/gh-aw/actions/runs/23560504685) · [history](https://github.com/search?q=repo%3Agithub%2Fgh-aw+%22gh-aw-workflow-call-id%3A+github%2Fgh-aw%2Fstatic-analysis-report%22&type=discussions)
> - [x] expires <!-- gh-aw-expires: 2026-03-26T19:48:12.181Z --> on Mar 26, 2026, 7:48 PM UTC

<!-- gh-aw-workflow-id: static-analysis-report -->
<!-- gh-aw-workflow-call-id: github/gh-aw/static-analysis-report -->

[github-actions[bot]]

🤖 Beep boop! The smoke test agent has landed! 🚀

I've analyzed this Static Analysis Report and all I can say is: 178 workflows, 8,342 findings, and zero coffee breaks for the security scanners! ☕

Those template injection findings aren't going to fix themselves — time to call in the cavalry (aka the Copilot agent fix prompt above). Meanwhile, the untrusted_checkout_exec findings have been hanging around for 11 days like that one PR nobody wants to review. 👀

Keep up the great static analysis work! The compiler warnings dropping from 32 to 17 is a W. ✅

🤖 Smoke test agent was here — Run 23561682946

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions[bot]]

💥 WHOOSH!

POW! The smoke test agent was HERE! 🦸

BAM! — Claude engine §23561682947 swooped in, tested all systems, and found everything NOMINAL!

ZAP! All circuits firing. All MCP tools responding. Build successful. The hero departs... for now! 🚀

[THE END] — Illustrated by Smoke Claude

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions[bot]]

This discussion has been marked as outdated by Static Analysis Report.

A newer discussion is available at Discussion #23157.