🔍 Static Analysis Report - November 24, 2025

[github-actions[bot]]

🔍 Static Analysis Report - November 24, 2025

Executive Summary

Completed comprehensive static analysis of 92 agentic workflows using three industry-standard security and quality tools: zizmor (security scanner), poutine (supply chain security), and actionlint (workflow linter). The scan identified 10 total findings across 4 workflows, with 4 High-severity security issues requiring immediate attention.

Key Findings

• Total Workflows Scanned: 92
• Workflows with Issues: 4 (4.3%)
• Total Findings: 10
• High Severity Issues: 4 (template injection vulnerabilities)
• Most Critical Workflow: release-highlights.lock.yml (7 issues from all 3 tools)

📊 Findings by Tool

Zizmor (Security Scanner)

Severity	Count	Issue Type
High	4	Template Injection
Low	1	Template Injection
Informational	1	Template Injection
Total	6

Poutine (Supply Chain Security)

Severity	Count	Issue Type
Warning	1	Arbitrary External Input Injection
Total	1

Actionlint (Workflow Linter)

Type	Count	Issue
Error	1	Syntax error (unexpected key)
Warning	3	Shellcheck issues (SC2086)
Total	4

🚨 Priority Issues

1. Template Injection Vulnerabilities (HIGH PRIORITY)

Tool: Zizmor
Severity: High (4 occurrences), Low (1), Informational (1)
Affected Workflows: 4 workflows
Documentation: (redacted)#template-injection

Description: GitHub Actions template expressions (${{ ... }}) used in unsafe contexts where untrusted user input could lead to arbitrary code execution.

Risk: Attackers can inject malicious code through issue titles, PR descriptions, workflow inputs, or commit messages that gets executed during workflow runs.

Affected Workflows:

1. ✅ changeset.lock.yml (Line 5979) - Informational
2. ⚠️ close-old-discussions.lock.yml (Line 249) - HIGH
3. ✅ mcp-inspector.lock.yml (Line 1622) - Low
4. ⚠️ release-highlights.lock.yml (Line 419) - HIGH (3 occurrences)

2. External Input Injection (HIGH PRIORITY)

Tool: Poutine
Severity: Warning
Affected Workflow: release-highlights.lock.yml (Line 422)

Description: Arbitrary external contributor input (github.event.inputs.release_tag) flows directly into shell commands without proper sanitization.

Risk: Command injection allowing external contributors to execute arbitrary shell commands.

3. Syntax Error (MEDIUM PRIORITY)

Tool: Actionlint
Type: Error
Affected Workflow: cloclo.lock.yml (Line 337)

Description: Unexpected key "names" in "issues" section. Expected one of: "branches", "branches-ignore", "paths", "paths-ignore", "tags", "tags-ignore", "types", "workflows".

Impact: Workflow may not trigger correctly or fail validation.

4. Shellcheck Issues (LOW PRIORITY)

Tool: Actionlint (via shellcheck)
Type: Warning (SC2086)
Count: 3 occurrences
Affected Workflow: release-highlights.lock.yml (Line 422)

Description: Variables used without double quotes can cause word splitting and globbing issues.

Impact: Script may behave unexpectedly with filenames/values containing spaces or special characters.

📋 Detailed Findings by Workflow

changeset.lock.yml (1 finding)

Zizmor - Template Injection (Informational)

• Line: 5979
• Severity: Informational
• Context: Configure Git credentials step
• Assessment: Likely safe if using only controlled secrets/env vars
• Action: Review and document as safe, or apply env variable pattern

close-old-discussions.lock.yml (1 finding)

Zizmor - Template Injection (HIGH)

• Line: 249
• Severity: High
• Context: Environment variable setup
• Risk: User-controlled input may flow into template expressions
• Action: IMMEDIATE FIX REQUIRED - Move template expressions to env block

Fix Pattern:

# Before:
- run: echo "${{ github.event.discussion.title }}"

# After:
- env:
    DISCUSSION_TITLE: ${{ github.event.discussion.title }}
  run: echo "$DISCUSSION_TITLE"

cloclo.lock.yml (1 finding)

Actionlint - Syntax Error

• Line: 337
• Type: syntax-check error
• Issue: unexpected key "names" for "issues" section
• Expected keys: branches, branches-ignore, paths, paths-ignore, tags, tags-ignore, types, workflows
• Action: Fix the workflow trigger configuration - remove or correct the "names" key

Fix: Check the source .github/workflows/cloclo.md and correct the trigger section.

release-highlights.lock.yml (7 findings - CRITICAL)

This workflow has the most issues and requires immediate attention.

Zizmor - Template Injection (HIGH) - 3 occurrences

• Line: 419 (repeated 3 times)
• Severity: High
• Context: Setup environment and fetch release data step
• Risk: External input flows through template expressions

Poutine - Injection (Warning)

• Line: 422
• Type: Arbitrary External Contributor Input
• Source: github.event.inputs.release_tag
• Risk: Command injection via workflow inputs

Actionlint - Shellcheck (SC2086) - 3 warnings

• Line: 422 (multiple locations in script)
• Issue: Variables not double-quoted
• Risk: Word splitting and globbing

Comprehensive Fix for release-highlights.md:

# Before (VULNERABLE):
- name: Setup environment and fetch release data
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
    if [ "${{ github.event_name }}" = "release" ]; then
      RELEASE_TAG="${{ github.event.release.tag_name }}"
    elif [ -n "${{ github.event.inputs.release_tag }}" ]; then
      RELEASE_TAG="${{ github.event.inputs.release_tag }}"
    fi
    gh release view "$RELEASE_TAG"

# After (SECURE):
- name: Setup environment and fetch release data
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    EVENT_NAME: ${{ github.event_name }}
    RELEASE_TAG_FROM_EVENT: ${{ github.event.release.tag_name }}
    RELEASE_TAG_FROM_INPUT: ${{ github.event.inputs.release_tag }}
  run: |
    if [ "$EVENT_NAME" = "release" ]; then
      RELEASE_TAG="$RELEASE_TAG_FROM_EVENT"
    elif [ -n "$RELEASE_TAG_FROM_INPUT" ]; then
      RELEASE_TAG="$RELEASE_TAG_FROM_INPUT"
    fi
    gh release view "$RELEASE_TAG"

This single change fixes:

• ✅ 3 zizmor template-injection warnings
• ✅ 1 poutine injection warning
• ✅ 3 actionlint shellcheck warnings

mcp-inspector.lock.yml (1 finding)

Zizmor - Template Injection (Low)

• Line: 1622
• Severity: Low
• Context: Setup MCPs step
• Assessment: Uses secrets and controlled env vars only
• Action: Review and document as safe, or apply env variable pattern for consistency

🔧 Fix Recommendations

Immediate Actions (High Priority)

1. Fix release-highlights.md (7 issues)

   • Move all template expressions to env variables
   • Quote all variables in shell scripts
   • Recompile and verify with all three tools

2. Fix close-old-discussions.md (1 High severity issue)

   • Move template expressions to env block
   • Recompile and verify

Short-term Actions (Medium Priority)

3. Fix cloclo.md syntax error
   • Correct the "names" key in issues trigger
   • Review GitHub Actions workflow syntax documentation

Long-term Actions (Low Priority)

4. Review and document changeset.md and mcp-inspector.md

   • If using only controlled inputs, add comments explaining safety
   • Consider applying env variable pattern for consistency

5. Establish preventive measures

   • Add static analysis to pre-commit hooks
   • Create workflow templates with security best practices
   • Document secure coding patterns for agentic workflows

📝 Fix Template Available

A comprehensive fix template has been created and stored in cache memory:

• Location: /tmp/gh-aw/cache-memory/fix-templates/zizmor-template-injection.md
• Contents: Detailed fix instructions, before/after examples, and agent prompt

Quick Fix Prompt for Copilot/Claude Agent

Fix template injection vulnerabilities in GitHub Actions workflows:

Priority files:
1. .github/workflows/release-highlights.md (7 issues - CRITICAL)
2. .github/workflows/close-old-discussions.md (1 High issue)
3. .github/workflows/cloclo.md (1 syntax error)

Pattern: Move ${{ ... }} template expressions from run: commands to env: blocks.

Before:
- run: echo "${{ github.event.inputs.value }}"

After:
- env:
    INPUT_VALUE: ${{ github.event.inputs.value }}
  run: echo "$INPUT_VALUE"

Validate: gh aw compile (workflow-name) --zizmor --poutine --actionlint

📈 Analysis Statistics

Workflows by Engine

Engine	Total Workflows	Workflows with Issues	Issue Rate
Copilot	49	3	6.1%
Claude	28	1	3.6%
Codex	3	0	0%
Custom	1	0	0%
Total	92	4	4.3%

Issue Clustering

Issue Type	Tool	Count	Workflows
Template Injection	Zizmor	6	4
External Input Injection	Poutine	1	1
Syntax Errors	Actionlint	1	1
Shellcheck Issues	Actionlint	3	1

Severity Distribution

High:          ████████ 4 (40%)
Medium:        ██ 1 (10%)
Low:           ██ 1 (10%)
Informational: █ 1 (10%)
Warnings:      ███ 3 (30%)

🎯 Success Metrics

To consider this scan successfully remediated:

• ✅ Fix all 4 High severity template injection issues
• ✅ Fix 1 syntax error in cloclo.md
• ✅ Address external input injection in release-highlights.md
• ✅ Re-run static analysis showing 0 High/Medium issues
• ✅ Document remaining Low/Informational findings as safe or fix

Target: Reduce High severity findings from 4 to 0

📚 Additional Resources

• Zizmor Documentation
• GitHub Actions Security Hardening
• Poutine Security Scanner
• Actionlint Documentation
• OWASP Command Injection Prevention

🔄 Next Steps

1. Apply fixes to high-priority workflows using the fix template
2. Re-compile workflows with all three static analysis tools
3. Verify fixes by confirming 0 High severity issues
4. Update workflow templates to prevent future issues
5. Schedule next scan to track progress and catch regressions

---

Scan Date: November 24, 2025
Tools Used: zizmor v1.x, poutine v1.x, actionlint v1.x
Total Workflows Analyzed: 92
Analysis Duration: ~5 minutes
Cache Memory Updated: /tmp/gh-aw/cache-memory/security-scans/2025-11-24.json

AI generated by Static Analysis Report

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.