[static-analysis] Report - 2026-05-12 #31640

@github-actions

Description

Analysis Summary

  • Tools Used: zizmor, poutine, actionlint, runner-guard
  • Workflows Scanned: 219
  • Total Findings: 2,903
  • Compile Status: ✅ 219 workflows compiled successfully (0 errors, 19 warnings)

Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Info |
|---|---|---|---|---|---|---|
| zizmor (security) | 71 | 0 | 2 | 3 | 26 | 39 |
| poutine (supply chain) | 17 | 0 | 8 (errors) | 0 | 1 | 8 (notes) |
| actionlint (linting) | 984 | - | - | - | - | - |
| runner-guard (taint analysis) | 1,831 | 0 | 1,777 | 54 | 0 | 0 |

Note on duplicates: Per the dedup-by-rule-and-file policy established in #31043, no new individual runner-guard issues were created this run. All current High-severity RGS rules (RGS-004, RGS-012, RGS-018) for the affected files are covered by previously-filed-and-closed issues. Yesterday's report: #31435.

Clustered Findings

Runner-Guard Taint Analysis

| Rule ID | Name | Severity | Count | Unique Workflows |
|---|---|---|---|---|
| RGS-004 | Comment-Triggered Workflow Without Author Authorization Check | High | 1,739 | 18 |
| RGS-005 | Excessive Permissions on Untrusted Trigger | Medium | 54 | 17 |
| RGS-018 | Suspicious Payload Execution Pattern | High | 29 | 29 |
| RGS-012 | Secret Exfiltration via Outbound HTTP Request | High | 9 | 5 |

Issues created this run: none — see deduplication note above. Existing coverage:

Zizmor Security Findings

| Issue Type | Severity | Count | Unique Workflows |
|---|---|---|---|
| template-injection | Informational | 39 | 14 |
| obfuscation | Low | 24 | 24 |
| github-env | High | 2 | 1 (dev-hawk.lock.yml) |
| template-injection | Low | 1 | 1 |
| artipacked | Medium | 2 | 2 (daily-geo-optimizer, issue-arborist) |
| excessive-permissions | Medium | 1 | 1 (dependabot-repair) |

High-severity zizmor findings:

  • dev-hawk.lock.yml:721 [High] github-env: dangerous use of environment file
  • dev-hawk.lock.yml:1540 [High] github-env: dangerous use of environment file

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| untrusted_checkout_exec | error | 8 | smoke-workflow-call, smoke-workflow-call-with-inputs |
| github_action_from_unverified_creator_used | note | 6 | mcp-inspector, link-check, super-linter, copilot-setup-steps, smoke-codex |
| unverified_script_exec | note | 2 | copilot-setup-steps, smoke-codex |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm |

Actionlint Linting Issues

| Issue Type | Count | Top Subtype | Affected Workflows |
|---|---|---|---|
| shellcheck | 858 | SC2086 (425), SC2016 (425) | broad |
| permissions | 109 | copilot-requests unknown scope (108) | broad |
| expression | 17 | undefined property references | small set |

Top Priority Issues

1. Zizmor [High] github-env in dev-hawk.lock.yml

  • Tool: zizmor
  • Count: 2
  • Severity: High
  • Affected: .github/workflows/dev-hawk.lock.yml (lines 721, 1540)
  • Description: Dangerous use of GitHub Actions environment file ($GITHUB_ENV / $GITHUB_OUTPUT) that can lead to environment variable injection.
  • Impact: An attacker who controls some upstream input may be able to inject key=value lines into $GITHUB_ENV, polluting later steps with arbitrary environment variables (including overwriting PATH).
  • Reference: (docs.zizmor.sh/redacted)

2. Runner-Guard [High] RGS-004 — Comment-Triggered Workflow Without Author Authorization

  • Tool: runner-guard
  • Count: 1,739 (across 18 workflows; many repetitions per file)
  • Severity: High
  • Top affected: unbloat-docs (130), cloclo (116), q (110), tidy (108), mergefest (106), scout (105), pdf-summary (103)
  • Description: A workflow is triggered by issue_comment, pull_request_review_comment or workflow_run, accesses secrets or holds write permissions, but never checks github.event.comment.author_association before doing privileged work.
  • Impact: Any external user who can post a comment can trigger the privileged workflow.
  • Reference: https://github.com/Vigilant-LLC/runner-guard (RGS-004)

3. Actionlint — Unknown permission scope copilot-requests (108 occurrences)

  • Tool: actionlint
  • Count: 108
  • Severity: error
  • Description: Actionlint reports copilot-requests is not a recognized GitHub Actions permission scope.
  • Impact: This is a recently-added GitHub-internal scope; actionlint hasn't been updated. Workflows still execute, but linting noise obscures real issues.
  • Recommendation: Upgrade the bundled actionlint or add an actionlint-ignore for this scope.

Fix Suggestion: Zizmor github-env in dev-hawk.lock.yml

Issue: github-env — dangerous use of environment file
Severity: High
Affected Workflows: 1 (dev-hawk.lock.yml, lines 721 and 1540 — both generated from dev-hawk.md)

Prompt to Copilot Agent:

You are fixing a HIGH-severity security vulnerability identified by zizmor in
the workflow `.github/workflows/dev-hawk.md` (the source markdown — lock.yml
is generated). Locations: dev-hawk.lock.yml:721 and dev-hawk.lock.yml:1540.

**Vulnerability**: `github-env` — Dangerous use of environment file
**Rule**: github-env — (docs.zizmor.sh/redacted)

**Current Issue**:
The workflow writes to `$GITHUB_ENV` (or `$GITHUB_OUTPUT`) using untrusted or
poorly sanitized input. An attacker who controls part of the input can inject
newline-delimited `KEY=VALUE` pairs, polluting later steps' environment
(potentially overwriting `PATH`, `LD_PRELOAD`, etc.).

**Required Fix**:
1. Open `.github/workflows/dev-hawk.md` and locate the `run:` steps that
   correspond to dev-hawk.lock.yml lines 721 and 1540.
2. Identify each `>> $GITHUB_ENV` (or `>> "$GITHUB_ENV"`) and `>> $GITHUB_OUTPUT`
   write.
3. Replace with one of these safer patterns:
   - Use a multi-line heredoc with a random (UUID) delimiter, so that no line
     of an attacker-controlled value can match the delimiter and terminate the
     heredoc early (which is what would let it smuggle in extra `KEY=VALUE`
     lines); write the value with `printf` rather than `echo` so a value that
     starts with `-n`/`-e` is not interpreted as an option:
     ```bash
     EOF=$(uuidgen)   # unpredictable delimiter; the value cannot guess it
     {
       echo "MY_VAR<<${EOF}"
       printf '%s\n' "${VALUE}"
       echo "${EOF}"
     } >> "$GITHUB_ENV"
     ```
   - Or pass the value via `env:` mapping on a downstream step instead of
     using `$GITHUB_ENV`.
   - Or write to a workspace file and read in the next step.
4. Validate (`grep -n 'GITHUB_ENV\|GITHUB_OUTPUT' .github/workflows/dev-hawk.md`)
   that no `echo "X=$Y" >> $GITHUB_ENV` patterns remain with untrusted `$Y`.
5. Run `gh aw compile dev-hawk` and confirm zizmor no longer flags these lines.

**Example**:
Before:
```yaml
- run: echo "TITLE=${{ github.event.issue.title }}" >> "$GITHUB_ENV"
```

After:
```yaml
- env:
    TITLE: ${{ github.event.issue.title }}
  run: |
    EOF=$(uuidgen)
    {
      echo "TITLE<<${EOF}"
      printf '%s\n' "${TITLE}"
      echo "${EOF}"
    } >> "$GITHUB_ENV"
```

Apply this fix to `.github/workflows/dev-hawk.md` only (the lock file
regenerates automatically on compile).

Historical Trends

  • Yesterday (2026-05-11, [static-analysis] Report - 2026-05-11 #31435): 2,469 total findings (zizmor 68, poutine 17, actionlint 554, runner-guard 1,830).
  • Today (2026-05-12): 2,903 total findings.
  • Change: +434 findings (+17.6%) — driven almost entirely by actionlint (554 → 984, +430). Zizmor +3, runner-guard +1. The actionlint delta is consistent with the introduction of the unknown copilot-requests permission scope flagging every job that uses it (108 occurrences) plus additional shellcheck SC2016/SC2086 warnings in new/changed workflows.

New issue types since previous scan

  • None — all observed rules (RGS-004/005/012/018, zizmor's template-injection/obfuscation/artipacked/github-env/excessive-permissions, poutine's untrusted_checkout_exec/etc.) appeared in yesterday's scan.

Resolved issue types

  • None — the rule distribution is stable.

Recommendations

  1. Immediate (High severity, narrow scope): Fix the 2 zizmor github-env findings in dev-hawk.md — both are in a single workflow and have a clear remediation pattern (see fix prompt above).
  2. Short-term: Investigate the actionlint regression from 554→984 findings. Most of the delta is the copilot-requests unknown scope (108 occurrences) — either update bundled actionlint or add a workflow-level ignore.
  3. Long-term: Continue the dedup-by-rule-and-file policy ([deep-report] Static-analysis RGS-* security issues recreated daily after closure (no dedup-by-rule) #31043). The current RGS-004 dominance (1,739 findings) is a known systemic issue tracked in prior fix PRs (e.g. fix(rgs-004): add author_association guard to pre_activation jobs for comment-triggered workflows #29481 added author-association guards to pre_activation jobs).
  4. Prevention: Resolve poutine's untrusted_checkout_exec findings in smoke-workflow-call*.lock.yml, either by confirming that the existing `# poutine:ignore` comments are intentional (the flagged lines already carry `# poutine:ignore` yet still trip the rule) or by refactoring the bash invocations.

Next Steps

References

  • §25716057035 — today's scan
  • #31435 — yesterday's report (2026-05-11)
  • #31043 — dedup-by-rule-and-file policy
  • #31254 — fix that introduced the dedup policy

Generated by Static Analysis Report · ● 20.5M ·

  • expires on May 19, 2026, 6:01 AM UTC
