[static-analysis] Report - 2026-04-15 #26489

@github-actions

Analysis Summary

Daily static analysis scan completed on 2026-04-15 across all 191 compiled workflow files.

  • Tools Used: zizmor, poutine, actionlint, runner-guard
  • Total Findings: 241 (-1 vs. yesterday's 242)
  • Workflows Scanned: 191 (compiled: 191)
  • Workflows Affected: approximately 70

Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Info/Note |
|---|---|---|---|---|---|---|
| zizmor (security) | 105 | 0 | 1 | 1 | 21 | 82 |
| poutine (supply chain) | 24 | 0 | 0 | 0 | 1 | 23 |
| actionlint (linting) | 112 | n/a | n/a | n/a | n/a | n/a |
| runner-guard (taint) | 0 | 0 | 0 | 0 | 0 | 0 |

Clustered Findings by Tool and Type

Zizmor Security Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| github-env | High | 1 | dev-hawk |
| secrets-inherit | Medium | 1 | smoke-call-workflow |
| obfuscation | Low | 21 | 21 workflows (`GH_AW_WIKI_NOTE: ${{ '' }}`) |
| template-injection | Informational | 82 | ~28 workflows (Start MCP Gateway step names) |

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| untrusted_checkout_exec | Error | 8 | smoke-workflow-call, smoke-workflow-call-with-inputs |
| pr_runs_on_self_hosted | Warning | 1 | smoke-copilot-arm |
| github_action_from_unverified_creator_used | Note | 8 | copilot-token-audit, copilot-token-optimizer, copilot-setup-steps, mcp-inspector, link-check, super-linter, smoke-codex |
| unverified_script_exec | Note | 5 | copilot-token-audit, copilot-token-optimizer, copilot-setup-steps |
| unpinnable_action | Note | 2 | daily-perf-improver/build-steps, daily-test-improver/coverage-steps |

Actionlint Linting Issues

| Issue Type | Count | Affected Workflows |
|---|---|---|
| permissions: unknown copilot-requests scope | 101 | ~50 workflows (2 jobs each) |
| expression: undefined output/context properties | 11 | ace-editor, smoke-claude, smoke-workflow-call, smoke-workflow-call-with-inputs |

Runner-Guard Taint Analysis Findings

Runner-Guard Score: N/A — No findings reported (5th consecutive clean run).

Issues created: none (no Critical/High runner-guard findings)

Top Priority Issues

1. github-env — Dangerous Environment File Usage

  • Tool: zizmor
  • Count: 1
  • Severity: High
  • Affected: dev-hawk.lock.yml:1353
  • Description: A run: step appends to $GITHUB_ENV. If any part of the written value is derived from untrusted input (issue bodies, PR titles, API responses), the value can carry newlines that the runner parses as additional NAME=value lines.
  • Impact: Attacker-controlled content written to GITHUB_ENV can define arbitrary environment variables (PATH, for example) for every subsequent step in the job.
  • Reference: (docs.zizmor.sh/redacted)
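
The finding in concrete form, as an added example and not the dev-hawk workflow's own code: the vulnerable write next to two hardened forms. The issue trigger, job and step names, and the ISSUE_TITLE variable are assumptions for illustration.

```yaml
# Added example (not from dev-hawk): the pattern zizmor's github-env rule
# flags, beside two hardened forms. Names below are placeholders.
name: github-env-example
on:
  issues:
    types: [opened]
permissions:
  contents: read
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      # Vulnerable: untrusted text is written straight into $GITHUB_ENV.
      # A title such as "Fix typo\nPATH=/tmp/evil:/usr/bin" becomes a second
      # NAME=value line, so every later step in the job inherits it.
      - name: Record title (unsafe)
        env:
          TITLE: ${{ github.event.issue.title }}
        run: echo "ISSUE_TITLE=$TITLE" >> "$GITHUB_ENV"

      # Hardened form 1: multi-line syntax with a random, unguessable
      # delimiter. Embedded newlines stay inside the value, and an attacker
      # cannot close the block early by guessing a fixed "EOF" line.
      - name: Record title (safe)
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          delim="gh_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "ISSUE_TITLE<<$delim"
            printf '%s\n' "$TITLE"
            echo "$delim"
          } >> "$GITHUB_ENV"

      # Hardened form 2: when only one later step needs the value, pass it
      # as a step output. $GITHUB_OUTPUT is parsed with the same NAME=value
      # and heredoc syntax, so the random delimiter is still required.
      - name: Record title (output)
        id: title
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          delim="gh_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "title<<$delim"
            printf '%s\n' "$TITLE"
            echo "$delim"
          } >> "$GITHUB_OUTPUT"
      - name: Use title
        env:
          TITLE: ${{ steps.title.outputs.title }}
        run: printf 'Issue title: %s\n' "$TITLE"
```

Both hardened steps also avoid interpolating `${{ github.event.issue.title }}` directly into the `run:` script; the value reaches the shell only through an `env:` entry, which closes the template-injection route as well.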

2. secrets-inherit — Secrets Unconditionally Inherited

  • Tool: zizmor
  • Count: 1
  • Severity: Medium
  • Affected: smoke-call-workflow.lock.yml:888
  • Description: Called workflow receives all secrets via secrets: inherit unconditionally.
  • Impact: The callee can access all secrets the caller holds, including those not intended for it.
  • Reference: (docs.zizmor.sh/redacted)
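
The fix the finding calls for, as an added example rather than the smoke-call-workflow workflow's own steps: the caller names the one secret the callee needs, and the callee declares it under workflow_call so a run that omits it fails with an error instead of running without it. File names, job names and DEPLOY_TOKEN are assumptions for illustration.

```yaml
# Added example (not from smoke-call-workflow). Two files shown as one
# multi-document YAML; names are placeholders.

# .github/workflows/caller.yml
name: caller
on:
  push:
    branches: [main]
permissions:
  contents: read
jobs:
  # Before: every secret the caller can see, including ones the callee has
  # no use for, becomes readable inside the callee's steps.
  deploy-inherit:
    uses: ./.github/workflows/callee.yml
    secrets: inherit

  # After: an explicit allowlist. Anything not named here is not available
  # to the callee, so a compromised callee step cannot read or exfiltrate it.
  deploy-explicit:
    uses: ./.github/workflows/callee.yml
    secrets:
      DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
---
# .github/workflows/callee.yml
name: callee
on:
  workflow_call:
    # The callee states its contract. With required: true, a caller that
    # does not pass DEPLOY_TOKEN produces a workflow error.
    secrets:
      DEPLOY_TOKEN:
        required: true
permissions:
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
        run: |
          # Placeholder deploy step; only the allowlisted secret is in scope.
          test -n "$DEPLOY_TOKEN" && echo "deploy token present"
```

Inside the callee, `secrets.*` only resolves to what the caller passed (or everything, under `inherit`); the explicit form therefore doubles as documentation of which secrets each reusable workflow actually depends on.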

3. untrusted_checkout_exec — Arbitrary Code Execution

  • Tool: poutine
  • Count: 8 instances across 2 workflows
  • Severity: Error
  • Affected: smoke-workflow-call (4x), smoke-workflow-call-with-inputs (4x)
  • Description: Bash scripts from ${RUNNER_TEMP}/gh-aw/actions/ execute after an untrusted code checkout. Note: some steps already carry poutine:ignore comments, but 8 instances still lack a suppression comment.
  • Impact: A malicious PR could tamper with scripts before they are executed.

Fix Suggestion for untrusted_checkout_exec (Most Common New Finding)

Issue: Arbitrary Code Execution from Untrusted Code Changes
Severity: Error (Poutine)
Affected Workflows: 2 (smoke-workflow-call, smoke-workflow-call-with-inputs) — +2 new instances vs. yesterday

Prompt to Copilot Agent:

You are fixing a security vulnerability identified by poutine in GitHub Actions workflows.

**Vulnerability**: `untrusted_checkout_exec` — Arbitrary Code Execution from Untrusted Code Changes
**Rule**: (poutine.dev/redacted)

**Current Issue**:
In `.github/workflows/smoke-workflow-call.md` and `.github/workflows/smoke-workflow-call-with-inputs.md`,
4 additional `bash` execution steps run scripts from the checked-out workspace AFTER an untrusted
code checkout. These steps do NOT have `poutine:ignore` suppression comments.

Specifically flagged (from compiled .lock.yml):
- Line 197: `bash "${RUNNER_TEMP}/gh-aw/actions/save_base_github_folders.sh"`
- Line 224: bash execution block (create_prompt_first.sh)
- Line 325: `bash "${RUNNER_TEMP}/gh-aw/actions/validate_prompt_placeholders.sh"`
- Line 330: `bash "${RUNNER_TEMP}/gh-aw/actions/print_prompt_summary.sh"`

**Required Fix**:
If these scripts run from `${RUNNER_TEMP}` (not the workspace checkout) and are already
downloaded from a trusted, pinned source, add suppression comments:

```yaml
# poutine:ignore untrusted_checkout_exec
run: bash "${RUNNER_TEMP}/gh-aw/actions/save_base_github_folders.sh"
```

If the scripts could be influenced by an untrusted checkout, restructure to fetch
them from a pinned commit SHA before execution, or move them before the checkout step.

Please apply `poutine:ignore untrusted_checkout_exec` comments to the flagged steps in:
- `.github/workflows/smoke-workflow-call.md`
- `.github/workflows/smoke-workflow-call-with-inputs.md`

Only add the suppression if you confirm the scripts at `${RUNNER_TEMP}/gh-aw/actions/`
are fetched from a trusted, pinned source prior to running, not from the PR checkout.
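
The restructuring option from the prompt above, as an added example rather than the smoke-workflow-call workflow's own steps: helper scripts are fetched from a pinned commit into RUNNER_TEMP before the pull request head is checked out, so the executed files never come from the PR and the poutine:ignore comment is justified. The tooling repository, the commit SHA and the script name are placeholders and assumptions.

```yaml
# Added example (not from smoke-workflow-call): trusted tooling is pinned
# and staged outside the workspace before any untrusted checkout happens.
name: pr-checks
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      # 1. Trusted tooling first, from a commit the PR cannot change, placed
      #    under RUNNER_TEMP so a later checkout cannot overwrite it.
      #    Fetching a bare commit SHA at depth 1 is supported by GitHub.
      - name: Fetch helper scripts (pinned)
        env:
          TOOLS_REPO: https://github.com/example-org/ci-scripts.git   # placeholder
          TOOLS_SHA: 0123456789abcdef0123456789abcdef01234567         # placeholder
        run: |
          git init -q "${RUNNER_TEMP}/gh-aw"
          git -C "${RUNNER_TEMP}/gh-aw" fetch -q --depth 1 "$TOOLS_REPO" "$TOOLS_SHA"
          git -C "${RUNNER_TEMP}/gh-aw" checkout -q FETCH_HEAD

      # 2. Only now check out the untrusted PR head, into the workspace.
      - name: Checkout PR head
        uses: actions/checkout@v4   # pin to a commit SHA in production
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false

      # 3. Execute from RUNNER_TEMP, never from the workspace. The
      #    suppression is defensible only because step 1 pinned the source.
      - name: Validate prompt placeholders
        # poutine:ignore untrusted_checkout_exec
        run: bash "${RUNNER_TEMP}/gh-aw/actions/validate_prompt_placeholders.sh"
```

The ordering is the whole point: if the pinned fetch ran after the PR checkout, or the scripts themselves invoked files from the workspace (a `make` target, a `package.json` script), PR-controlled code would run again and the suppression would be hiding a real finding.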

Actionlint Permissions Details (~50 affected workflows)

The copilot-requests: write permission appears in ~50 workflows — likely a false positive since actionlint v1.7.12 does not yet recognize this GitHub-introduced scope. All findings are [permissions] unknown permission scope "copilot-requests".

Affected workflows (partial list): agent-performance-analyzer, archie, architecture-guardian, artifacts-summary, auto-triage-issues, brave, breaking-change-checker, ci-coach, claude-code-user-docs-review, cli-consistency-checker, code-scanning-fixer, copilot-cli-deep-research, copilot-pr-merged-report, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-token-audit, copilot-token-optimizer, craft, daily-architecture-diagram, daily-assign-issue-to-user, daily-cli-performance, daily-compiler-quality, daily-file-diet, daily-hippo-learn, daily-malicious-code-scan, daily-mcp-concurrency-analysis, daily-news, daily-repo-chronicle, daily-safe-output-integrator, daily-secrets-analysis, daily-security-red-team, daily-semgrep-scan, daily-syntax-error-quality, daily-testify-uber-super-expert, daily-workflow-updater, dead-code-remover, delight, dev-hawk, dev, dictation-prompt, discussion-task-miner, docs-noob-tester, draft-pr-cleanup, firewall-escape, refactoring-cadence, security-review, smoke-create-cross-repo-pr, smoke-update-cross-repo-pr, spec-extractor, spec-librarian, test-quality-sentinel

Resolution: Wait for actionlint to add copilot-requests to its known permission scopes (expected in a future version), or add per-workflow suppression if needed.

Expression / Undefined Properties (Actionlint, 11 errors)

| Workflow | Property | Count |
|---|---|---|
| ace-editor | needs.activation.outputs.activated | 1 |
| smoke-claude | needs.activation.outputs.artifact_prefix | 2 |
| smoke-workflow-call | job.workflow_repository / sha / ref / file_path | 4 |
| smoke-workflow-call-with-inputs | job.workflow_repository / sha / ref / file_path | 4 |

The job.workflow_* properties are newer GitHub Actions context fields not yet in actionlint's schema. The activation.outputs.* issues indicate the activation step output schema may need updating in the compiled workflow.

Zizmor Obfuscation Details (Low severity, 21 workflows)

Pattern: `GH_AW_WIKI_NOTE: ${{ '' }}` in env blocks. zizmor flags `${{ '' }}` as obfuscated usage of GitHub Actions expression features.

Affected: agent-performance-analyzer, audit-workflows, copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, copilot-token-audit, copilot-token-optimizer, daily-cli-performance, daily-code-metrics, daily-news, daily-testify-uber-super-expert, deep-report, delight, discussion-task-miner, firewall-escape, metrics-collector, pr-triage-agent, security-compliance, workflow-health-manager

This is a known false positive for this pattern. The empty-string expression is used as a placeholder/no-op.

Historical Trends

| Metric | 2026-04-13 | 2026-04-14 | 2026-04-15 | Delta (today) |
|---|---|---|---|---|
| Total | 235 | 242 | 241 | -1 |
| Zizmor | 107 | 107 | 105 | -2 |
| Poutine | 22 | 22 | 24 | +2 |
| Actionlint | 106 | 113 | 112 | -1 |
| Runner-guard | 0 | 0 | 0 | 0 |
| Workflows compiled | 187 | 191 | 191 | 0 |

Changes vs. Yesterday

Improvements:

  • Actionlint: -1 (auto-triage-issues pre-agent syntax error resolved)
  • Zizmor: -2 (minor template-injection count reduction)

Regressions:

  • Poutine: +2 untrusted_checkout_exec instances in smoke-workflow-call and smoke-workflow-call-with-inputs

Long-term Notable Events

  • 2026-04-13: secrets_outside_env resolved (4,200+ → 0), a major security improvement
  • 2026-04-10 to present: Runner-guard consistently clean (0 findings for 6 consecutive days)
  • 2026-04-11: shellcheck issues resolved (182 → 0)

Recommendations

  1. Immediate: Fix the github-env High severity issue in dev-hawk: use $GITHUB_OUTPUT instead of $GITHUB_ENV for step-to-step communication, and write any untrusted or multi-line value with the heredoc syntax and a randomly generated delimiter, since both files are parsed the same way
  2. Short-term: Address untrusted_checkout_exec (+2 new today) in smoke-workflow-call workflows — add poutine:ignore if scripts are from trusted source, or restructure
  3. Short-term: Review secrets-inherit Medium issue in smoke-call-workflow — pass only needed secrets explicitly
  4. Informational: 101 copilot-requests permission errors are likely false positives pending actionlint schema update — no action needed
  5. Informational: job.workflow_* expression errors are actionlint schema gaps for newer GitHub Actions context properties

Next Steps

  • Fix github-env High severity in dev-hawk (use $GITHUB_OUTPUT, with a random heredoc delimiter for untrusted values)
  • Add poutine:ignore comments to 8 unflagged untrusted_checkout_exec steps in smoke-workflow-call workflows
  • Review smoke-call-workflow secrets: inherit → pass explicit secrets
  • Monitor actionlint for copilot-requests scope support (v1.7.13+)

Generated by Static Analysis Report