🔍 Static Analysis Report - November 16, 2025

[github-actions[bot]]

🔍 Static Analysis Report - November 16, 2025

Overview

Comprehensive static analysis scan completed on all 84 agentic workflow files using three security tools: zizmor (security scanner), poutine (supply chain security), and actionlint (workflow linter).

Key Findings Summary

• Total Workflows Scanned: 84
• Workflows with Security Issues: 3
• Total Security Findings: 6 (High severity)
• Critical Issues Requiring Immediate Attention: 2 workflows with dangerous triggers

Analysis Summary

Tools Used

Tool	Purpose	Findings
zizmor	GitHub Actions security scanner	6 findings (5 High, 1 Low)
poutine	Supply chain security analyzer	1 info (outdated action SHA)
actionlint	Workflow syntax and best practices	1 warning (missing permissions)

Findings by Severity

Severity	Count	Status
🔴 High	5	Requires immediate attention
🟡 Medium	0	-
🔵 Low	1	Monitor
ℹ️ Info	2	Nice to fix

Detailed Findings by Tool

🔴 Zizmor Security Findings

1. Dangerous Triggers (High Severity) - CRITICAL

Issue Type: dangerous-triggers
Severity: High
Affected Workflows: 2
Reference: (redacted)#dangerous-triggers

Workflow	Location
ci-doctor	.github/workflows/ci-doctor.lock.yml:49:1
dev-hawk	.github/workflows/dev-hawk.lock.yml:39:1

Description: Use of the workflow_run trigger, which is fundamentally insecure. This trigger runs in the context of the default branch but receives information from potentially untrusted sources (e.g., pull requests from forks).

Security Impact:

• Code injection via untrusted workflow context data
• Privilege escalation from pull request context to main branch context
• Potential secret exfiltration

Priority: 🔴 CRITICAL - Fix immediately

---

2. Template Injection - High Severity (High Severity)

Issue Type: template-injection
Severity: High
Affected Workflows: 1
Reference: (redacted)#template-injection

Workflow	Location	Occurrences
cloclo	.github/workflows/cloclo.lock.yml:2315:9	3

Description: Code injection vulnerability via GitHub Actions template expansion. Untrusted data from GitHub context variables is being used in a way that could allow code injection.

Security Impact:

• Attackers can inject malicious code through template variables
• Could lead to arbitrary command execution
• Potential for data exfiltration

Priority: 🔴 HIGH - Fix soon

---

3. Template Injection - Low Severity (Low Severity)

Issue Type: template-injection
Severity: Low
Affected Workflows: 1
Reference: (redacted)#template-injection

Workflow	Location
mcp-inspector	.github/workflows/mcp-inspector.lock.yml:1132:9

Description: Low-risk template injection due to controlled context or limited exposure.

Security Impact: Limited injection risk due to controlled context

Priority: 🔵 LOW - Monitor

---

ℹ️ Poutine Supply Chain Findings

Outdated Actions

Issue Type: outdated-actions
Severity: Info
Affected Workflows: 2

Workflow	Details
dev	actions/github-script@v8 has newer SHA: 60a0d83 → ed59741
test-ollama-threat-detection	actions/github-script@v8 has newer SHA: 60a0d83 → ed59741

Recommendation: Update action to use the latest commit SHA for security patches

Priority: ℹ️ INFO - Update when convenient

---

⚠️ Actionlint Findings

Missing Permissions

Issue Type: missing-permissions
Severity: Warning
Affected Workflows: 1

Workflow	Missing Permissions
docs-noob-tester	issues: read, pull-requests: read

Description: Workflow uses GitHub toolsets that require specific permissions, but these permissions are not declared in the workflow frontmatter.

Impact: May cause runtime failures or request excessive permissions

Priority: ⚠️ WARNING - Fix to prevent runtime issues

---

Clustered Findings by Issue Type

By Tool

Zizmor (Security):
├── dangerous-triggers: 2 workflows (High)
├── template-injection: 1 workflow, 3 occurrences (High)
└── template-injection: 1 workflow (Low)

Poutine (Supply Chain):
└── outdated-actions: 2 workflows (Info)

Actionlint (Linting):
└── missing-permissions: 1 workflow (Warning)

By Severity Distribution

Severity	Zizmor	Poutine	Actionlint	Total
High	5	0	0	5
Medium	0	0	0	0
Low	1	0	0	1
Info/Warning	0	1	1	2

---

Top Priority Issues

1. Dangerous Triggers in CI/CD Workflows

Workflows: ci-doctor, dev-hawk
Severity: 🔴 High
Count: 2 workflows
Impact: Critical security vulnerability

These workflows use workflow_run trigger which creates a security risk. The trigger executes in a privileged context but processes data from potentially untrusted sources.

2. Template Injection in cloclo Workflow

Workflow: cloclo
Severity: 🔴 High
Count: 3 occurrences
Impact: Code injection risk

Multiple instances of unsafe template variable expansion that could allow attackers to inject malicious code.

---

Fix Recommendation: Dangerous Triggers

Issue: dangerous-triggers (workflow_run)
Severity: High
Affected Workflows: ci-doctor, dev-hawk
Priority: Immediate action required

Understanding the Vulnerability

The workflow_run trigger is flagged as insecure because:

1. It runs with elevated privileges (default branch context)
2. It processes data from potentially untrusted workflows
3. Attackers can craft malicious data in pull requests that gets used by the workflow_run handler

Recommended Fix Options

Option 1: Use Schedule Instead (Recommended)

Replace workflow_run with a schedule trigger that periodically checks for completed workflows using the GitHub API:

on:
  schedule:
    - cron: '0 */6 * * *'  # Run every 6 hours
  workflow_dispatch:  # Allow manual triggers

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Check recent workflow runs
        uses: actions/github-script@v7
        with:
          script: |
            // Use GitHub API to safely query workflow runs
            const { data: runs } = await github.rest.actions.listWorkflowRuns({
              owner: context.repo.owner,
              repo: context.repo.repo,
              workflow_id: 'perf-improver.yml',
              status: 'completed',
              per_page: 10
            });
            // Process runs safely with full validation

Advantages:

• Eliminates the dangerous trigger entirely
• Still monitors workflow completion
• Can process multiple workflow runs
• No security risk from untrusted data

Option 2: Add Strict Validation (If workflow_run Must Be Used)

If you must keep workflow_run, add comprehensive validation:

on:
  workflow_run:
    workflows:
      - Daily Perf Improver
      - Daily Test Coverage Improver
    types: [completed]
    branches: [main]

permissions:
  contents: read  # Read-only by default
  actions: read   # Only if needed

jobs:
  analyze:
    runs-on: ubuntu-latest
    if: github.event.workflow_run.conclusion == 'failure' || github.event.workflow_run.conclusion == 'success'
    steps:
      - name: Validate workflow run
        run: |
          # Validate ALL data before use
          if [[ "${{ github.event.workflow_run.conclusion }}" =~ ^(success|failure)$ ]]; then
            echo "VALIDATED_CONCLUSION=${{ github.event.workflow_run.conclusion }}" >> $GITHUB_ENV
          else
            echo "Invalid conclusion value"
            exit 1
          fi
          
      # Never use github.event.workflow_run.* directly in bash commands
      # Always validate and sanitize first

Requirements:

• Validate all inputs from github.event.workflow_run.*
• Use minimal permissions (read-only where possible)
• Never expand untrusted data directly into commands
• Add conditional checks to restrict execution

Implementation Steps

1. Review each workflow to understand its purpose
2. Choose the appropriate fix option (schedule preferred)
3. Test thoroughly in a development branch
4. Validate that the security issue is resolved
5. Document the changes in commit messages

---

Full Detailed Findings by Workflow

Workflows with Security Issues

ci-doctor.md

Findings: 1

dangerous-triggers (High)

• Location: .github/workflows/ci-doctor.lock.yml:49:1
• Severity: High
• Description: Use of fundamentally insecure workflow trigger (workflow_run)
• Reference: (redacted)#dangerous-triggers
• Impact: The workflow runs with elevated permissions but processes data from untrusted pull request workflows, creating a code injection and privilege escalation risk

---

dev-hawk.md

Findings: 1

dangerous-triggers (High)

• Location: .github/workflows/dev-hawk.lock.yml:39:1
• Severity: High
• Description: Use of fundamentally insecure workflow trigger (workflow_run)
• Reference: (redacted)#dangerous-triggers
• Impact: Monitors workflows triggered from feature branches (copilot/*), creating potential for malicious code execution from untrusted branches

---

cloclo.md

Findings: 3

template-injection (High) - 3 occurrences

• Location: .github/workflows/cloclo.lock.yml:2315:9
• Severity: High
• Description: Code injection via template expansion in the "Create prompt" step
• Reference: (redacted)#template-injection
• Impact: Unsafe use of GitHub Actions template variables that could allow attackers to inject malicious code

---

mcp-inspector.md

Findings: 1

template-injection (Low)

• Location: .github/workflows/mcp-inspector.lock.yml:1132:9
• Severity: Low
• Description: Code injection via template expansion in "Setup MCPs" step
• Reference: (redacted)#template-injection
• Impact: Limited injection risk due to controlled context (likely using secrets or controlled variables)

---

dev.md

Findings: 1 (Info)

outdated-actions

• Description: actions/github-script@v8 has newer SHA available
• Current SHA: 60a0d83
• Latest SHA: ed59741
• Recommendation: Update to latest SHA for security patches

---

test-ollama-threat-detection.md

Findings: 1 (Info)

outdated-actions

• Description: actions/github-script@v8 has newer SHA available
• Current SHA: 60a0d83
• Latest SHA: ed59741
• Recommendation: Update to latest SHA for security patches

---

docs-noob-tester.md

Findings: 1 (Warning)

missing-permissions

• Missing: issues: read, pull-requests: read
• Required by: GitHub toolsets (issues, pull_requests)
• Impact: Workflow may fail at runtime or request excessive permissions
• Fix: Add missing permissions to workflow frontmatter

---

Historical Trends

Comparing with previous scan (2025-11-15):

Issue Type	Previous	Current	Change
dangerous-triggers	2	2	→ Same (still present)
template-injection (High)	0	3	⬆️ +3 New finding in cloclo
template-injection (Low)	1	1	→ Same (still present)
missing-permissions	0	1	⬆️ +1 New finding

New Findings Since Last Scan:

• cloclo workflow: 3 High-severity template injection issues discovered
• docs-noob-tester: Missing permissions warning

Persistent Issues:

• dangerous-triggers: Still present in ci-doctor and dev-hawk (action needed)
• template-injection (low): Still present in mcp-inspector

Resolved Issues:

• typist syntax-check: No longer appearing (may have been fixed or workflow updated)

---

Recommendations

Immediate Actions (Priority 1)

1. ✅ Fix dangerous-triggers in ci-doctor and dev-hawk

   • Replace workflow_run with schedule trigger
   • Or add comprehensive validation if workflow_run is required
   • Target: Within 1 week

2. ✅ Fix template-injection in cloclo workflow

   • Review template variable usage at line 2315
   • Add input validation and sanitization
   • Avoid direct expansion of untrusted data
   • Target: Within 2 weeks

Short-term Actions (Priority 2)

3. ⚠️ Add missing permissions to docs-noob-tester

   • Add issues: read and pull-requests: read to workflow frontmatter
   • Target: Next workflow update

4. ℹ️ Update outdated actions

   • Update actions/github-script@v8 to latest SHA (ed59741)
   • Target: Next maintenance cycle

Long-term Actions (Priority 3)

5. 🔵 Monitor template-injection in mcp-inspector

   • Review if additional hardening is needed
   • Consider adding explicit input validation
   • Target: Next security review

6. 📋 Establish automated static analysis

   • Add zizmor, poutine, and actionlint to CI/CD
   • Run on all pull requests that modify workflows
   • Consider pre-commit hooks for workflow changes

7. 📚 Update workflow creation guidelines

   • Document secure patterns for workflow triggers
   • Provide templates for common secure patterns
   • Add security checklist for new workflows

---

Prevention Strategies

For Future Workflows

1. Avoid workflow_run trigger: Use schedule, workflow_dispatch, or workflow_call instead
2. Validate all inputs: Never trust data from github.event.* without validation
3. Use minimal permissions: Apply principle of least privilege
4. Pin action versions: Use commit SHAs instead of tags for actions
5. Regular scanning: Run static analysis tools on all workflow changes

Security Best Practices

• Review workflows for security issues before merging
• Keep actions and workflows up to date
• Monitor for new security advisories
• Document security decisions in workflow comments
• Use security tools as part of CI/CD pipeline

---

Next Steps

• Complete static analysis scan
• Cluster findings by type and severity
• Generate fix recommendations
• Store results in cache memory
• Create issues for critical findings
• Implement fixes for dangerous-triggers
• Implement fixes for template-injection
• Add static analysis to CI/CD pipeline
• Update workflow creation documentation

---

Cache Memory Updated

Analysis results stored in:

• /tmp/gh-aw/cache-memory/security-scans/2025-11-16.json - Today's scan results
• /tmp/gh-aw/cache-memory/vulnerabilities/by-tool.json - Vulnerability patterns by tool
• /tmp/gh-aw/cache-memory/fix-templates/zizmor-dangerous-triggers.md - Fix template for dangerous triggers

---

Summary

This comprehensive static analysis identified 6 security findings across 84 workflows, with 5 High-severity issues requiring immediate attention. The most critical finding is the use of workflow_run trigger in 2 workflows (ci-doctor, dev-hawk), which creates a significant security vulnerability. Additionally, 3 High-severity template injection issues were discovered in the cloclo workflow.

Recommended immediate actions:

1. Migrate ci-doctor and dev-hawk away from workflow_run trigger
2. Fix template injection vulnerabilities in cloclo workflow
3. Address missing permissions in docs-noob-tester

By addressing these findings, we can significantly improve the security posture of our agentic workflows and establish patterns for secure workflow development going forward.

AI generated by Static Analysis Report

[pelikhan]

/plan

[github-actions[bot]]

✅ Agentic Plan Command completed successfully.

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.