🔒 Zizmor Security Analysis Report - November 2, 2025

[github-actions[bot]]

🔒 Zizmor Security Analysis Report - November 2, 2025

Executive Summary

Today's automated security scan using zizmor identified 18 security findings across 5 workflows. The security posture shows significant improvement compared to previous scans, with total findings down 40% from yesterday and 90.9% from baseline. However, 3 HIGH severity issues remain that require immediate attention.

Key Highlights:

• 67 workflows scanned (up from 65 yesterday)
• 5 workflows affected with security issues
• 3 HIGH severity issues require immediate remediation
• 12 medium severity issues resolved since yesterday (85.7% reduction)
• Strong upward security trend with 96.7% reduction in high severity issues from baseline

Security Scan Summary

Metric	Count	Trend
Total Findings	18	↓ -12 (-40.0%)
Critical	0	✓ No change
High	3	↓ -2 (-40.0%)
Medium	2	↓ -12 (-85.7%)
Low	13	↑ +2 (+18.2%)
Workflows Scanned	67	↑ +2
Workflows Affected	5	→ No change

Clustered Findings by Issue Type

Issue Type	Severity	Count	Affected Workflows
dangerous-triggers	High	3	ci-doctor, dev-hawk, smoke-detector
artipacked	Medium	2	daily-perf-improver, daily-test-improver
template-injection	Low	13	duplicate-code-detector (5), mcp-inspector (1), smoke-codex (5), plus 2 others

Top Priority Issues

1. 🔴 dangerous-triggers (HIGH SEVERITY)

• Count: 3 workflows affected
• Severity: High
• Impact: Privilege escalation, unauthorized secret access, code execution attacks
• Description: Use of workflow_run trigger without branch restrictions allows workflows to be triggered from ANY branch, including potentially malicious fork branches
• Reference: (redacted)#dangerous-triggers

Affected Workflows:

• .github/workflows/ci-doctor.md (.github/workflows/ci-doctor.lock.yml:43)
• .github/workflows/dev-hawk.md (.github/workflows/dev-hawk.lock.yml:35)
• .github/workflows/smoke-detector.md (.github/workflows/smoke-detector.lock.yml:53)

Why This Matters: Workflows triggered by workflow_run execute with elevated permissions and can access repository secrets. Without branch restrictions, malicious actors can create a PR with modified workflows that trigger these security-sensitive workflows.

2. 🟡 artipacked (MEDIUM SEVERITY)

• Count: 2 workflows affected
• Severity: Medium
• Impact: Credential persistence through GitHub Actions artifacts
• Description: Workflow artifacts may inadvertently contain credentials or sensitive data
• Reference: (redacted)#artipacked

Affected Workflows:

• .github/workflows/daily-perf-improver.md (.github/workflows/daily-perf-improver.lock.yml:567)
• .github/workflows/daily-test-improver.md (.github/workflows/daily-test-improver.lock.yml:567)

3. ⚪ template-injection (LOW SEVERITY)

• Count: 13 occurrences across 3 workflows
• Severity: Low
• Impact: Potential code injection via template expansion
• Description: GitHub Actions expressions in workflow files may be vulnerable to injection
• Reference: (redacted)#template-injection

Affected Workflows:

• .github/workflows/duplicate-code-detector.md (5 occurrences at line 1033)
• .github/workflows/mcp-inspector.md (1 occurrence at line 1104)
• .github/workflows/smoke-codex.md (5 occurrences at line 1015)

Fix Suggestion for dangerous-triggers

Priority: IMMEDIATE
Issue: dangerous-triggers - Use of fundamentally insecure workflow trigger
Affected Workflows: 3 workflows

Copilot Agent Remediation Prompt

You are fixing a HIGH SEVERITY security vulnerability identified by zizmor security scanner.

**Vulnerability**: dangerous-triggers - use of fundamentally insecure workflow trigger
**Rule**: (redacted)#dangerous-triggers

**Current Issue**:
Three workflows use `workflow_run` triggers without branch restrictions, allowing them to be triggered 
from ANY branch, including potentially malicious fork branches. This creates a security risk where:
- Malicious PRs can trigger workflows with elevated permissions
- Repository secrets may be exposed to untrusted code
- Write permissions can be exploited

**Affected Workflow Files**:
- .github/workflows/ci-doctor.md
- .github/workflows/dev-hawk.md
- .github/workflows/smoke-detector.md

**Required Fix**:
Add branch restrictions to all `workflow_run` triggers to limit execution to trusted branches only.

**Before (Vulnerable)**:
```yaml
on:
  workflow_run:
    types:
      - completed
    workflows:
      - Daily Perf Improver
      - Daily Test Coverage Improver

After (Secure):

on:
  workflow_run:
    types:
      - completed
    workflows:
      - Daily Perf Improver
      - Daily Test Coverage Improver
    branches:
      - main

Step-by-Step Instructions:

1. Open each affected workflow file (.md format, not .lock.yml)
2. Locate the on: section with workflow_run: trigger
3. Add a branches: section under workflow_run: with the following content:

   branches:
     - main

4. For dev-hawk.md specifically, also include copilot branches if they are trusted:

   branches:
     - main
     - copilot/*

5. Save all changes
6. After fixing, recompile workflows to verify: gh aw compile --zizmor

Expected Result:
After applying the fix and recompiling, the zizmor scanner should no longer report
"dangerous-triggers" errors for these three workflows.

<details>
<summary>Full Report Details - All Findings by Workflow</summary>

## Detailed Findings

### ci-doctor.lock.yml
**Issue**: dangerous-triggers  
**Severity**: High  
**Location**: Line 43, Column 1  
**Description**: Use of fundamentally insecure workflow trigger (workflow_run without branch restrictions)  
**Reference**: (redacted)#dangerous-triggers

**Code Location**:
```yaml
41 | 
42 | name: "CI Failure Doctor"
43 | "on":
     ^^^^
44 |   workflow_run:
45 |     types:

---

dev-hawk.lock.yml

Issue: dangerous-triggers
Severity: High
Location: Line 35, Column 1
Description: Use of fundamentally insecure workflow trigger (workflow_run without branch restrictions)
Reference: (redacted)#dangerous-triggers

Code Location:

33 | 
34 | name: "Dev Hawk"
35 | "on":
     ^^^^
36 |   workflow_run:
37 |     branches:

---

smoke-detector.lock.yml

Issue: dangerous-triggers
Severity: High
Location: Line 53, Column 1
Description: Use of fundamentally insecure workflow trigger (workflow_run without branch restrictions)
Reference: (redacted)#dangerous-triggers

Code Location:

51 | 
52 | name: "Smoke Detector - Smoke Test Failure Investigator"
53 | "on":
     ^^^^
54 |   workflow_run:
55 |     types:

---

daily-perf-improver.lock.yml

Issue: artipacked
Severity: Medium
Location: Line 567, Column 9
Description: Credential persistence through GitHub Actions artifacts
Reference: (redacted)#artipacked

Code Location:

565 |       output_types: ${{ steps.collect_output.outputs.output_types }}
566 |     steps:
567 |       - name: Checkout repository
              ^^^^
568 |         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
569 |       - id: check_build_steps_file

---

daily-test-improver.lock.yml

Issue: artipacked
Severity: Medium
Location: Line 567, Column 9
Description: Credential persistence through GitHub Actions artifacts
Reference: (redacted)#artipacked

Code Location:

565 |       output_types: ${{ steps.collect_output.outputs.output_types }}
566 |     steps:
567 |       - name: Checkout repository
              ^^^^
568 |         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
569 |       - id: check_coverage_steps_file

---

duplicate-code-detector.lock.yml

Issue: template-injection (5 occurrences)
Severity: Low
Location: Line 1033, Column 9
Description: Code injection via template expansion
Reference: (redacted)#template-injection

Code Location:

1031 |           chmod +x /tmp/gh-aw/safeoutputs/mcp-server.cjs
1032 |           
1033 |       - name: Setup MCPs
               ^^^^
1034 |         env:
1035 |           GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}

---

mcp-inspector.lock.yml

Issue: template-injection
Severity: Low
Location: Line 1104, Column 9
Description: Code injection via template expansion
Reference: (redacted)#template-injection

Code Location:

1102 |           chmod +x /tmp/gh-aw/safeoutputs/mcp-server.cjs
1103 |           
1104 |       - name: Setup MCPs
               ^^^^
1105 |         env:
1106 |           GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}

---

smoke-codex.lock.yml

Issue: template-injection (5 occurrences)
Severity: Low
Location: Line 1015, Column 9
Description: Code injection via template expansion
Reference: (redacted)#template-injection

Code Location:

1013 |           chmod +x /tmp/gh-aw/safeoutputs/mcp-server.cjs
1014 |           
1015 |       - name: Setup MCPs
               ^^^^
1016 |         env:
1017 |           GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}

Historical Trends

Comparing today's scan with previous scans shows strong positive security trends:

Comparison: November 1 → November 2, 2025

• Total Findings: 30 → 18 (-12, -40.0%)
• High Severity: 5 → 3 (-2, -40.0%)
• Medium Severity: 14 → 2 (-12, -85.7%) ✓ Excellent improvement
• Low Severity: 11 → 13 (+2, +18.2%)

Comparison: October 31 (Baseline) → November 2, 2025

• Total Findings: 198 → 18 (-180, -90.9%) ✓ Outstanding improvement
• High Severity: 90 → 3 (-87, -96.7%) ✓ Outstanding improvement
• Medium Severity: 22 → 2 (-20, -90.9%) ✓ Outstanding improvement
• Low Severity: 74 → 13 (-61, -82.4%) ✓ Excellent improvement
• Workflows Affected: 48 → 5 (-43, -89.6%) ✓ Outstanding improvement

Trend Analysis

Status: 🟢 IMPROVING - Significant security improvements across all severity levels

Key Improvements:

• 96.7% reduction in high severity issues from baseline
• 85.7% reduction in medium severity issues since yesterday
• 89.6% reduction in affected workflows since baseline
• Only 5 workflows now have security findings (down from 48 at baseline)

Persistent Issues:

• dangerous-triggers: Still present in 3 workflows (requires immediate attention)
• artipacked: Still present in 2 workflows (medium priority)
• template-injection: Increased from 11 to 13 occurrences (low severity, acceptable)

Recommendations

Immediate Actions (This Week)

1. ✅ Fix dangerous-triggers vulnerabilities in ci-doctor, dev-hawk, and smoke-detector workflows

   • Add branch restrictions to workflow_run triggers
   • Priority: HIGH - Security risk of privilege escalation
   • Estimated effort: 15 minutes

2. ⚠️ Review artipacked findings in daily-perf-improver and daily-test-improver

   • Audit artifact contents for sensitive data
   • Add artifact sanitization if needed
   • Priority: MEDIUM
   • Estimated effort: 30 minutes

Short-term Actions (Next 2 Weeks)

3. 🔍 Investigate template-injection warnings in 3 workflows

   • Review template expansion safety
   • Consider input validation improvements
   • Priority: LOW (but good to address)
   • Estimated effort: 1 hour

4. 📋 Update workflow creation guidelines

   • Document secure workflow_run usage patterns
   • Add pre-compilation security checklist
   • Create secure workflow templates

Long-term Actions (Next Month)

5. 🤖 Automate security scanning in CI/CD pipeline

   • Add zizmor check to pre-commit hooks or CI
   • Block merges with high severity findings
   • Set up automated security alerts

6. 📚 Security training and awareness

   • Share zizmor findings with team
   • Review GitHub Actions security best practices
   • Document lessons learned

Next Steps

• Apply fix for dangerous-triggers to 3 affected workflows
• Recompile workflows and verify fix: gh aw compile --zizmor
• Review artipacked findings in performance improvement workflows
• Schedule follow-up scan for November 3, 2025
• Track security trend in next week's report

Scan Metadata

• Scan Date: November 2, 2025
• Scanner: zizmor (via gh-aw MCP server)
• Workflows Scanned: 67
• Scan Duration: ~2 minutes
• Workflow Run: §19010077395

---

Generated by: Zizmor Security Analyzer (Claude Agent)
Next Scan: Scheduled for November 3, 2025 at 09:00 UTC
Report Format: Automated security analysis with manual review recommendations

AI generated by Zizmor Workflow Security Analyzer

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.