Static Analysis Report - 2026-03-27

[github-actions[bot]]

Daily static analysis scan of all agentic workflows (zizmor, poutine, actionlint). Today's scan found 8,346 total issues across 178 workflows. A minor regression of +6 zizmor findings (vs yesterday) was detected, including 5 new High-severity unpinned-uses and 1 new High-severity github-env finding. All poutine and actionlint counts are stable. The untrusted_checkout_exec issue in smoke-workflow-call workflows remains unresolved for day 13.

Analysis Summary

• Tools Used: zizmor, poutine, actionlint
• Workflows Scanned: 178
• Workflows Affected: 178 (all have at least one zizmor finding)
• Total Findings: 8,346 (4,367 actionlint + 3,960 zizmor + 19 poutine)
• Compiler Warnings: 25

Findings by Tool

Tool	Total	Critical	High	Medium	Low	Info/Note
zizmor (security)	3,960	0	30	3,861	20	49
poutine (supply chain)	19	0	0	0	0	19
actionlint (linting)	4,367	—	—	—	—	—

vs Yesterday (2026-03-26)

Metric	Yesterday	Today	Delta
Workflows	178	178	0
Actionlint	4,367	4,367	0
Zizmor	3,954	3,960	+6 ⚠️
Poutine	19	19	0
Compiler warnings	25	25	0

---

Clustered Findings by Tool and Type

Zizmor Security Findings

Issue Type	Severity	Count	Affected Workflows
secrets-outside-env	Medium	3,859	All 178
template-injection (High)	High	24	25 workflows
template-injection (Informational)	Informational	49	multiple
unpinned-uses	High	5	multiple
github-env	High	1	dev-hawk
obfuscation	Low	20	multiple
artipacked	Medium	1	1 workflow
secrets-inherit	Medium	1	smoke-call-workflow

Total High severity zizmor findings: 30 across 26 affected workflows.

Poutine Supply Chain Findings

Issue Type	Severity	Count	Affected Workflows
untrusted_checkout_exec	Error	6	smoke-workflow-call, smoke-workflow-call-with-inputs
github_action_from_unverified_creator_used	Note	7	copilot-setup-steps, daily-copilot-token-report, mcp-inspector, smoke-codex, super-linter, link-check
unverified_script_exec	Note	2	copilot-setup-steps, daily-copilot-token-report
unpinnable_action	Note	2	.github/actions/daily-perf-improver, .github/actions/daily-test-improver
pr_runs_on_self_hosted	Warning	2	smoke-copilot-arm, dev

Actionlint Linting Issues

Issue Type	Count	Description
shellcheck (SC2086)	4,130	Unquoted $RUNNER_TEMP variable in run: commands
shellcheck (SC2129)	173	Consecutive individual redirects (style)
permissions	41	Unknown copilot-requests permission scope
runner-label	12	Unknown runner label
expression	11	Property not defined in output object type

---

Top Priority Issues

1. Secrets Referenced Outside Dedicated Environment (secrets-outside-env)

• Tool: zizmor
• Count: 3,859 findings
• Severity: Medium
• Affected: All 178 workflows
• Description: Secrets are used directly in job/step contexts rather than being mapped to a dedicated env: block. This can expose secret values in logs or to other steps.
• Impact: Secrets leaked into environment variables outside of a scoped env: block may be accessible to other steps or logged in certain contexts.
• Reference: (docs.zizmor.sh/redacted)

2. Template Injection via Template Expansion (High)

• Tool: zizmor
• Count: 24 High-severity findings
• Severity: High
• Affected: 25 workflows including audit-workflows, copilot-pr-nlp-analysis, copilot-session-insights, daily-code-metrics, daily-copilot-token-report, daily-firewall-report, daily-integrity-analysis, daily-issues-report, daily-multi-device-docs-tester, daily-news, daily-performance-summary, daily-repo-chronicle, deep-report, dev-hawk, docs-noob-tester, github-mcp-structural-analysis, org-health-report, poem-bot, portfolio-analyst, python-data-charts, stale-repo-identifier, technical-doc-writer, unbloat-docs, weekly-editors-health-check, weekly-issue-summary
• Description: GitHub Actions expressions ($\{\{ ... }}) are expanded directly in run: scripts, enabling potential code injection if the expression evaluates untrusted content.
• Impact: An attacker who can control input data (e.g., PR title, issue body) could inject arbitrary shell commands.
• Reference: (docs.zizmor.sh/redacted)

3. Untrusted Checkout Execution (Poutine - Unresolved Day 13)

• Tool: poutine
• Count: 6 errors
• Severity: Error
• Affected: smoke-workflow-call, smoke-workflow-call-with-inputs
• Description: Workflow executes bash scripts after checking out untrusted code from a PR, allowing arbitrary code execution by pull request authors.
• Impact: Supply chain compromise — any PR author can execute arbitrary code in the CI environment.
• Note: Despite # poutine:ignore untrusted_checkout_exec comments, the findings persist. This issue has been open for 13 consecutive days.

4. Unknown copilot-requests Permission Scope (Actionlint)

• Tool: actionlint
• Count: 41 findings
• Severity: Error (linting)
• Affected: 41 workflows using GitHub Copilot engine
• Description: The copilot-requests: write permission scope is not recognized by actionlint's known permission list. This is likely a new/custom scope for GitHub Copilot that actionlint doesn't yet know about.
• Note: This is a false positive — the scope is intentional for Copilot workflows.

5. Unquoted $RUNNER_TEMP Variable (SC2086)

• Tool: actionlint / shellcheck
• Count: 4,130 findings across 178 workflows
• Severity: Info (shellcheck style)
• Description: \$\{RUNNER_TEMP} is used without double-quoting in shell scripts, risking word splitting if the path contains spaces.
• Note: RUNNER_TEMP is a GitHub-managed path unlikely to contain spaces, so this is low actual risk.

---

Fix Suggestion for template-injection (High Severity)

Issue: Code injection via GitHub Actions template expansion
Severity: High
Affected Workflows: 25 workflows

Prompt to Copilot Agent:

You are fixing a High-severity security vulnerability identified by zizmor in GitHub Actions workflows.

**Vulnerability**: template-injection — Code Injection via Template Expansion
**Rule**: template-injection
**Reference**: (docs.zizmor.sh/redacted)

**Current Issue**:
GitHub Actions expressions ($\{\{ ... }}) are directly interpolated into `run:` shell scripts.
If the expression evaluates to an untrusted value (e.g., PR title, issue body, user input),
an attacker can inject shell commands that execute in the CI runner.

Example of vulnerable code:
```yaml
- name: Write Safe Outputs Config
  run: |
    echo "$\{\{ steps.some_step.outputs.result }}" > config.json

Required Fix:
Never interpolate ${{ ... }} expressions directly in run: scripts.
Instead, assign the value to an environment variable in the env: block,
then reference it as a shell variable (prefixed with $) in the script.

Step-by-step:

1. Find all run: steps in the workflow that contain $\{\{ ... }} expressions
2. Move each expression to a named variable in an env: block on the same step
3. Replace the $\{\{ ... }} in the script with the $VARIABLE_NAME shell reference

Example Fix:

Before (vulnerable):

- name: Write Safe Outputs Config
  run: |
    echo "$\{\{ steps.some_step.outputs.result }}" > config.json
    cat "$\{\{ github.workspace }}/data.txt"

After (safe):

- name: Write Safe Outputs Config
  env:
    STEP_RESULT: $\{\{ steps.some_step.outputs.result }}
    WORKSPACE: $\{\{ github.workspace }}
  run: |
    echo "$STEP_RESULT" > config.json
    cat "$WORKSPACE/data.txt"

Please apply this fix to all affected workflow files:

• audit-workflows.md
• copilot-pr-nlp-analysis.md
• copilot-session-insights.md
• daily-code-metrics.md
• daily-copilot-token-report.md
• daily-firewall-report.md
• daily-integrity-analysis.md
• daily-issues-report.md
• daily-multi-device-docs-tester.md
• daily-news.md
• daily-performance-summary.md
• daily-repo-chronicle.md
• deep-report.md
• dev-hawk.md
• docs-noob-tester.md
• github-mcp-structural-analysis.md
• org-health-report.md
• poem-bot.md
• portfolio-analyst.md
• python-data-charts.md
• stale-repo-identifier.md
• technical-doc-writer.md
• unbloat-docs.md
• weekly-editors-health-check.md
• weekly-issue-summary.md

After fixing the .md files, run gh aw compile to regenerate the .lock.yml files
and verify that zizmor no longer reports template-injection findings.

---

<details>
<summary><b>Detailed Poutine Findings</b></summary>

#### smoke-workflow-call and smoke-workflow-call-with-inputs
- **untrusted_checkout_exec** (×6): Bash scripts executed after checkout of untrusted PR code
  - Lines 179, 285, 290 in smoke-workflow-call-with-inputs
  - Lines 182, 285, 290 in smoke-workflow-call
  - Note: `# poutine:ignore` comments are present but findings still reported

#### External Actions from Unverified Creators (7 findings)
- `astral-sh/setup-uv` — used in copilot-setup-steps, daily-copilot-token-report, mcp-inspector
- `actions-ecosystem/action-add-labels` — used in smoke-codex
- `super-linter/super-linter` — used in super-linter
- `gaurav-nelson/github-action-markdown-link-check` (×2) — used in link-check

#### Unverified Script Execution (2 findings)
- `curl ... | bash` pattern in copilot-setup-steps and daily-copilot-token-report
  - Fetching install-gh-aw.sh from raw.githubusercontent.com and piping to bash

#### Self-Hosted Runners (2 findings)
- `smoke-copilot-arm`: runs-on `ubuntu-24.04-arm`
- `dev`: runs-on `aw-gpu-runner-T4`

</details>

<details>
<summary><b>Zizmor github-env Finding (dev-hawk)</b></summary>

**File**: dev-hawk.lock.yml, line 1208
**Issue**: `github-env` — Dangerous use of GITHUB_ENV environment file
**Severity**: High
**Description**: Writing to `$GITHUB_ENV` from a shell script can allow environment variable injection if the script processes untrusted content. An attacker could inject environment variables read by subsequent steps.

```yaml
- name: ghes-host-config
  shell: bash
  run: |
    # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct
    # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op.
    echo "GH_HOST=..." >> $GITHUB_ENV

Reference: (docs.zizmor.sh/redacted)

Actionlint Findings Detail

shellcheck SC2086 — Unquoted Variables (4,130 findings across all 178 workflows)

Pattern: bash \$\{RUNNER_TEMP}/gh-aw/actions/... — $RUNNER_TEMP should be "\$\{RUNNER_TEMP}"
These are generated from the compiled lock files' action invocations.

shellcheck SC2129 — Consecutive Redirects (173 findings)

Pattern: Multiple echo ... >> file statements. Suggestion to use { cmd1; cmd2; } >> file.

permissions — Unknown copilot-requests scope (41 findings)

41 Copilot workflows declare copilot-requests: write. This is a Copilot-specific permission scope not recognized by actionlint's schema. Likely a false positive.

expression — Output property not defined (11 findings)

Pattern: needs.activation.outputs.activated — the activated property is not declared in the outputs type schema for the activation job. Seen in ace-editor and other workflows.

runner-label — Unknown runner labels (12 findings)

Custom or self-hosted runner labels unknown to actionlint.

---

Historical Trends

Date	Actionlint	Zizmor	Poutine	Compiler Warnings
2026-03-24	4,370	3,953	19	17
2026-03-25	4,368	3,953	19	17
2026-03-26	4,367	3,954	19	25
2026-03-27	4,367	3,960	19	25

• Actionlint has been gradually improving (4,370 → 4,367 over 4 days)
• Zizmor shows slight regression today (+6), driven by new High-severity findings
• Poutine counts stable but untrusted_checkout_exec unresolved for 13 days
• Compiler warnings stabilized at 25 after spike on 2026-03-26

Recommendations

1. Immediate (High severity): Fix template-injection in 25 workflows — use the Copilot agent prompt above
2. Immediate (High severity): Review github-env usage in dev-hawk.md and sanitize GITHUB_ENV writes
3. Urgent (Ongoing 13 days): Investigate untrusted_checkout_exec in smoke-workflow-call workflows — poutine:ignore comments are not suppressing the findings
4. Short-term: Address unpinned-uses (5 High severity) — pin external action SHA references
5. Short-term: Review self-hosted runner usage (smoke-copilot-arm, dev) for supply chain risk
6. Long-term: Address systemic secrets-outside-env pattern — affects all 178 workflows
7. Maintenance: The copilot-requests permission scope warning in actionlint (41 findings) should be reported upstream to rhysd/actionlint for schema update

Next Steps

• Apply template-injection fix prompt to 25 affected workflows
• Investigate why poutine:ignore comments aren't suppressing untrusted_checkout_exec
• Fix github-env usage in dev-hawk.md
• Pin unpinned-uses (5 High) external actions to SHA
• File issue on rhysd/actionlint for copilot-requests permission scope

References:

• §23664251532
• Previous scan §23614592028

AI generated by Static Analysis Report · history

• expires on Mar 28, 2026, 7:46 PM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-03-28T19:46:54.344Z.

Closed by Workflow