🔒 Zizmor Security Analysis Report - November 1, 2025

[github-actions[bot]]

🔒 Zizmor Security Analysis Report - November 1, 2025

This report presents findings from today's automated security scan of all agentic workflow files using the zizmor security scanner. The scan identified 115 security findings across 65 workflows, with the majority being High severity template injection vulnerabilities.

Executive Summary

The security posture remains stable compared to the previous scan on October 31, with 115 findings across 4 vulnerability types. The most critical issue is template injection affecting 27 workflows with 96 findings. This vulnerability allows potential code injection attacks through untrusted GitHub context variables. Immediate action is recommended for High severity findings.

Full Security Analysis Report

Security Scan Statistics

• Total Findings: 115
• Critical: 0
• High: 99 (86%)
• Medium: 16 (14%)
• Low: 0
• Workflows Scanned: 65
• Workflows Affected: 35
• Scan Tool: zizmor v1.16.1
• Scan Date: 2025-11-01 (redacted) UTC

Severity Distribution

High:     ████████████████████████████████████████████████ 99 (86%)
Medium:   ████████ 16 (14%)
Low:      0 (0%)
Critical: 0 (0%)

Clustered Findings by Issue Type

Issue Type	Severity	Count	Affected Workflows	Confidence
template-injection	High	96	27	High
dangerous-triggers	High	3	3	Medium
excessive-permissions	Medium	13	8	High
artipacked	Medium	3	3	Low

---

Top Priority Issues

1. Template Injection (HIGHEST PRIORITY)

Severity: High | Confidence: High | Count: 96 findings

Template injection is the most prevalent and dangerous vulnerability in our workflows. This occurs when untrusted input from GitHub context (like github.actor, github.event.inputs.*, or needs.*.outputs.*) is used directly in shell commands via template expansion ${{ }}.

Why This Matters:

• Attackers can inject arbitrary shell commands
• Potential for secret exfiltration
• Repository compromise possible
• CI/CD pipeline manipulation

Affected Workflows (27 total):

• brave.md (multiple findings)
• changeset-generator.firewall.md
• ci-doctor.md
• commit-changes-analyzer.md
• craft.md
• daily-perf-improver.md
• daily-test-improver.md
• dev-hawk.md
• duplicate-code-detector.md
• firewall.md
• go-pattern-detector.md
• issue-classifier.md
• mcp-inspector.md
• mergefest.md
• notion-issue-summary.md
• pdf-summary.md
• plan.md
• poem-bot.md
• q.md
• research.md
• scout.md
• security-fix-pr.md
• smoke-codex.md
• smoke-detector.md
• technical-doc-writer.md
• unbloat-docs.md
• video-analyzer.md

Reference: (redacted)/audits/#template-injection

---

2. Dangerous Triggers

Severity: High | Confidence: Medium | Count: 3 findings

The workflow_run trigger is fundamentally insecure because it runs workflows in the context of the base branch (often main) even when triggered by untrusted PR code. This gives untrusted code access to secrets and elevated permissions.

Affected Workflows:

• ci-doctor.md
• dev-hawk.md
• smoke-detector.md

Reference: (redacted)/audits/#dangerous-triggers

---

3. Excessive Permissions

Severity: Medium | Confidence: High | Count: 13 findings

Workflows requesting overly broad permissions violate the principle of least privilege. Many workflows have write permissions when read would suffice, increasing the potential damage if compromised.

Affected Workflows (8 total):

• ci-doctor.md
• copilot-agent-analysis.md
• copilot-pr-prompt-analysis.md
• daily-news.md
• daily-perf-improver.md
• daily-test-improver.md
• smoke-detector.md
• technical-doc-writer.md

Reference: (redacted)/audits/#excessive-permissions

---

4. Artipacked

Severity: Medium | Confidence: Low | Count: 3 findings

Potential credential persistence through GitHub Actions artifacts. Artifacts may inadvertently contain sensitive data like GitHub tokens or credentials.

Affected Workflows:

• daily-perf-improver.md
• daily-test-improver.md
• unbloat-docs.md

Reference: (redacted)/audits/#artipacked

---

Detailed Fix Suggestions

Fix Template Injection (Priority 1)

Template injection is the most critical issue requiring immediate attention. The fix involves moving untrusted expressions from (redacted) blocks to the (redacted) section.

The Problem:

- name: Process input
  run: |
    echo "User: ${{ github.actor }}"
    ./script.sh "${{ github.event.inputs.topic }}"

The Solution:

- name: Process input
  env:
    GITHUB_ACTOR: ${{ github.actor }}
    TOPIC: ${{ github.event.inputs.topic }}
  run: |
    echo "User: $GITHUB_ACTOR"
    ./script.sh "$TOPIC"

Why This Works:

• Template expansion happens in the `(redacted) section (safe)
• Shell variables are used in `(redacted) blocks (safe)
• Prevents command injection through special characters

Copilot Agent Prompt for Template Injection:

Fix template injection security vulnerabilities in the workflow files.

**Security Issue**: Template Injection (High Severity)
**Rule**: template-injection
**Reference**: (redacted)/audits/#template-injection

**Problem**:
Untrusted data from GitHub context (like `github.actor`, `github.event.inputs.*`,
`needs.*.outputs.*`) is being used directly in shell commands via template expansion
`${{ }}`. This allows attackers to inject arbitrary shell commands.

**Required Fix**:
1. Identify all `(redacted) blocks that use `${{ }}` template expansion
2. For each vulnerable expression:
   a. Add it to the step's `(redacted) section with an appropriate variable name
   b. Replace the `${{ expression }}` in the run block with `$VAR_NAME`
   c. Use double quotes around variable references for safety: `"$VAR_NAME"`

**Example Transformation**:

Before (UNSAFE):
```yaml
- name: Process input
  run: |
    echo "User: ${{ github.actor }}"
    ./script.sh "${{ github.event.inputs.topic }}"

After (SAFE):

- name: Process input
  env:
    GITHUB_ACTOR: ${{ github.actor }}
    TOPIC: ${{ github.event.inputs.topic }}
  run: |
    echo "User: $GITHUB_ACTOR"
    ./script.sh "$TOPIC"

Priority Expressions to Fix:

• github.actor
• github.event.inputs.*
• needs.*.outputs.*
• github.event.workflow_run.*
• github.event.head_commit.*

Important Notes:

• Do NOT remove the template expansion (${{ }}), just move it to the env: section
• Keep the `(redacted) section with existing environment variables, just add new ones
• Use clear, descriptive variable names (uppercase with underscores)
• Always quote variable references in shell commands

Affected Workflows (27 workflows total - see list above)

After fixing, recompile workflows with gh aw compile and verify template-injection findings are resolved.

**Full Fix Documentation**: Available in `/tmp/gh-aw/cache-memory/fix-templates/template-injection.md`

---

## Historical Trends

Comparing with previous scans from our cache memory:

| Date | Total Findings | High Severity | Medium Severity | Workflows Scanned |
|------|---------------|---------------|-----------------|-------------------|
| 2025-10-31 (early) | 198 | 90 | 22 | 63 |
| 2025-10-31 (late) | 115 | 99 | 16 | 63 |
| 2025-11-01 (current) | 115 | 99 | 16 | 65 |

**Trend Analysis**:
- ✅ **Major improvement**: 198 → 115 findings (42% reduction on Oct 31)
- ✅ **Stable**: Findings remain at 115 (no regression)
- ⚠️ **High severity increased**: More findings classified as High (focus on template-injection)
- 📈 **Workflow coverage**: 2 additional workflows scanned (+3%)

**Status**: The security posture has significantly improved from the early October baseline and remains stable. The increase in High severity findings is due to better classification of template-injection vulnerabilities, which is the correct prioritization.

---

## Recommendations

### Immediate Actions (This Week)

1. ✅ **Fix Template Injection Issues**
   - Priority: CRITICAL
   - Affected: 27 workflows with 96 findings
   - Use the provided fix template and Copilot agent prompt
   - Start with workflows that process user input (e.g., `brave`, `craft`, `plan`, `q`)

2. ✅ **Address Dangerous Triggers**
   - Priority: HIGH
   - Affected: 3 workflows (ci-doctor, dev-hawk, smoke-detector)
   - Add branch filtering to restrict `workflow_run` to trusted branches
   - Consider runtime validation

### Short-term Actions (This Month)

3. ⚠️ **Reduce Excessive Permissions**
   - Priority: MEDIUM
   - Affected: 8 workflows with 13 findings
   - Audit each workflow's actual needs
   - Downgrade `write` to `read` where possible
   - Document why write permissions are needed when they are

4. ⚠️ **Harden Artifact Uploads**
   - Priority: MEDIUM-LOW (Low confidence finding)
   - Affected: 3 workflows
   - Add exclusion patterns for sensitive files
   - Reduce retention periods where appropriate

### Long-term Actions (This Quarter)

5. 🔄 **Establish Continuous Security Monitoring**
   - Automate daily zizmor scans (already in place ✅)
   - Create alerts for new High severity findings
   - Track remediation progress over time

6. 📚 **Update Development Guidelines**
   - Document secure workflow patterns
   - Add pre-commit hooks for workflow validation
   - Create workflow templates with security best practices

7. 🎓 **Team Training**
   - Share this report with the team
   - Review common vulnerability patterns
   - Establish secure workflow development practices

---

## Prevention Best Practices

### For Template Injection
- ✅ **Always use `(redacted) section** for untrusted data
- ✅ **Never use `${{ }}` directly in `(redacted) blocks** for user-controlled values
- ✅ **Quote shell variables**: Use `"$VAR"` not `$VAR`

### For Dangerous Triggers
- ✅ **Avoid `workflow_run`** when possible
- ✅ **Add branch filtering** to restrict to trusted branches
- ✅ **Validate inputs** from `github.event.workflow_run.*`

### For Excessive Permissions
- ✅ **Default to read-only** - Start minimal and add as needed
- ✅ **Document permission needs** - Comment why write access is required
- ✅ **Review regularly** - Audit permissions quarterly

### For Artipacked
- ✅ **Add exclusion patterns** for sensitive files
- ✅ **Reduce retention** - Use shorter periods (1-7 days)
- ✅ **Clean before upload** - Remove sensitive directories

---

## Additional Resources

### Fix Templates
Detailed fix guides have been created in cache memory:
- `/tmp/gh-aw/cache-memory/fix-templates/template-injection.md`
- `/tmp/gh-aw/cache-memory/fix-templates/dangerous-triggers.md`
- `/tmp/gh-aw/cache-memory/fix-templates/excessive-permissions.md`
- `/tmp/gh-aw/cache-memory/fix-templates/artipacked.md`

### External Documentation
- [Zizmor Documentation]((redacted)/)
- [GitHub Actions Security Hardening]((redacted)/en/actions/security-guides/security-hardening-for-github-actions)
- [GitHub Security Lab Research]((redacted)/research/github-actions-preventing-pwn-requests/)

### Historical Data
- Scan summaries: `/tmp/gh-aw/cache-memory/security-scans/`
- Vulnerability tracking: `/tmp/gh-aw/cache-memory/vulnerabilities/`
- Trend analysis: `/tmp/gh-aw/cache-memory/vulnerabilities/trends.json`

</details>

---

## Next Steps

- [ ] Review this security analysis report
- [ ] Prioritize fixing template-injection vulnerabilities (96 findings across 27 workflows)
- [ ] Apply dangerous-triggers fixes (3 workflows)
- [ ] Audit and reduce excessive-permissions (8 workflows)
- [ ] Consider hardening artifact uploads (3 workflows)
- [ ] Track remediation progress in future scans

---

**Scan Information**:
- **Scan Tool**: zizmor v1.16.1
- **Scan Date**: 2025-11-01 (redacted) UTC
- **Workflows Scanned**: 65
- **Total Findings**: 115
- **Automated**: Daily scheduled scan

**Report Generated**: November 1, 2025 by Zizmor Security Analyzer Agent


> AI generated by [Zizmor Workflow Security Analyzer](https://github.com/githubnext/gh-aw/actions/runs/18989051671)

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.