
[static-analysis] Report - 2026-04-12 #25913

@github-actions


Analysis Summary

  • Tools Used: zizmor, poutine, actionlint, runner-guard
  • Scan Date: 2026-04-12
  • Workflows Scanned: 187
  • Workflows Compiled: 187 (100% success)
  • Total Findings: 4,440
  • Workflow Run: §24309747550

Findings by Tool

| Tool | Total | Critical | High | Medium | Informational/Low |
|---|---|---|---|---|---|
| zizmor (security) | 4,312 | 0 | 1 | 4,206 | 105 |
| poutine (supply chain) | 22 | 0 | 0 | 6 errors | 16 notes |
| actionlint (linting) | 106 | 106 errors | | | |
| runner-guard (taint) | 0 | 0 | 0 | 0 | 0 |

Historical Trends

| Date | Total | Zizmor | Poutine | Actionlint | Runner-Guard |
|---|---|---|---|---|---|
| 2026-04-10 | 4,379 | 4,051 | 22 | 306 | 0 |
| 2026-04-11 | 4,287 | 4,135 | 22 | 130 | 0 |
| 2026-04-12 | 4,440 | 4,312 | 22 | 106 | 0 |

Net change vs yesterday: +153 (+3.6%)

Improvements:

  • shellcheck errors fully resolved: 24 → 0 (-24 issues)
  • artipacked findings resolved: 2 → 0 (-2 issues)

⚠️ Regressions:

  • secrets-outside-env: 4,027 → 4,206 (+179) — likely from new jobs added to existing workflows

Clustered Findings by Tool and Type

Zizmor Security Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| secrets-outside-env | Medium | 4,206 | 187 (all) |
| template-injection | Informational | 84 | 28 |
| obfuscation | Low | 21 | 21 |
| github-env | High | 1 | dev-hawk |
| artipacked | Medium | 0 | 0 ✅ resolved |

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| untrusted_checkout_exec | error | 6 | smoke-workflow-call, smoke-workflow-call-with-inputs |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm |
| github_action_from_unverified_creator_used | note | 8 | various |
| unverified_script_exec | note | 5 | various |
| unpinnable_action | note | 2 | daily-test-improver, daily-perf-improver actions |

Actionlint Linting Issues

| Issue Type | Count | Affected Workflows |
|---|---|---|
| permissions: unknown scope copilot-requests | 95 | 48 workflows |
| expression: undefined property | 11 | 4 workflows (ace-editor, smoke-claude, smoke-workflow-call, smoke-workflow-call-with-inputs) |
| shellcheck | 0 | ✅ resolved |

Runner-Guard Taint Analysis

Runner-guard executed successfully but produced no findings this scan.

Top Priority Issues

1. github-env — Dangerous Use of Environment File (High)

  • Tool: zizmor
  • Count: 1
  • Severity: High
  • Affected: dev-hawk
  • Description: A `run:` step writes to `$GITHUB_ENV` in a way that can allow attacker-controlled content to inject environment variables, potentially escalating privilege.
  • Impact: An attacker who can influence the value written to `$GITHUB_ENV` can set arbitrary env vars for subsequent steps, enabling secret theft or command injection.
  • Reference: (docs.zizmor.sh/redacted)

2. copilot-requests Permission Scope (Actionlint Error — 95 instances)

  • Tool: actionlint
  • Count: 95 errors across 48 workflows
  • Severity: Error (unrecognized scope)
  • Affected: 48 workflows including archie, brave, ci-coach, code-scanning-fixer, craft, daily-*, etc.
  • Description: Actionlint does not recognize copilot-requests: write as a valid GitHub Actions permission scope. This is a GitHub Copilot-specific scope not yet in actionlint's schema.
  • Impact: Lint failures in CI checks; may mask other errors. Scope is likely valid at runtime but not validated by tooling.
  • Reference: https://github.com/rhysd/actionlint/blob/main/docs/checks.md#check-permissions

3. secrets-outside-env (Medium — all 187 workflows)

  • Tool: zizmor
  • Count: 4,206 findings
  • Severity: Medium
  • Affected: All 187 workflows
  • Description: Secrets are passed as environment variables without using a dedicated GitHub Actions environment that enforces protection rules. This means secrets are available to all jobs even if environment-level approval is not enforced.
  • Reference: (docs.zizmor.sh/redacted)

Fix Suggestion for copilot-requests Permission Scope

Issue: actionlint does not recognize copilot-requests: write as a valid permission scope, producing errors across 48 workflows.
Severity: Error (actionlint)
Affected Workflows: 48

Root Cause: The copilot-requests permission scope is a GitHub Copilot API extension not yet included in actionlint's built-in permissions schema (as of v1.7.12).

Prompt to Copilot Agent:

You are fixing an actionlint linting error in GitHub Actions workflow files.

**Vulnerability**: Actionlint does not recognize `copilot-requests: write` as a valid permission scope.
**Rule**: [permissions] unknown permission scope "copilot-requests"
**Reference**: https://github.com/rhysd/actionlint/blob/main/docs/checks.md#check-permissions

**Current Issue**:
Many workflow .lock.yml files contain:
```yaml
permissions:
  copilot-requests: write
```

Actionlint version 1.7.12 does not include this scope in its known permissions list, causing errors in every job that declares it.

Options:

  1. If the copilot-requests scope is required for runtime, add a .actionlint.yaml config to suppress this specific check, OR
  2. If the scope is not strictly required, remove copilot-requests: write from the permissions block.

Recommended Fix — suppress via config if the scope is needed at runtime:

```yaml
# .actionlint.yaml
self-hosted-runner:
  labels: []
config-variables: []
# Suppress the false positive for the copilot-requests scope until actionlint adds support.
# The paths/ignore keys below match error messages by regex (assumes actionlint 1.7.8 or later).
paths:
  .github/workflows/**/*.yml:
    ignore:
      - 'unknown permission scope "copilot-requests"'
```

Or use # actionlint:ignore on affected lines.

Please audit all 48 affected workflows and apply the appropriate fix consistently.
Affected workflows include: agent-performance-analyzer, archie, architecture-guardian, artifacts-summary, auto-triage-issues, brave, breaking-change-checker, ci-coach, claude-code-user-docs-review, cli-consistency-checker, code-scanning-fixer, copilot-cli-deep-research, copilot-pr-merged-report, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-token-audit, copilot-token-optimizer, craft, daily-architecture-diagram, daily-assign-issue-to-user, daily-cli-performance, daily-compiler-quality, daily-file-diet, daily-malicious-code-scan, daily-mcp-concurrency-analysis, daily-news, daily-repo-chronicle, daily-safe-output-integrator, daily-secrets-analysis, daily-security-red-team, daily-semgrep-scan, daily-syntax-error-quality, daily-testify-uber-super-expert, daily-workflow-updater, dead-code-remover, delight, dev-hawk, dev, dictation-prompt, discussion-task-miner, docs-noob-tester, draft-pr-cleanup, firewall-escape, refactoring-cadence, security-review, smoke-create-cross-repo-pr, smoke-update-cross-repo-pr, test-quality-sentinel


<details>
<summary>Detailed Findings by Workflow (Expression Errors)</summary>

#### ace-editor
- **Issue**: `needs.activation.outputs.activated` not defined in activation output type
- **Severity**: Error
- **Location**: Line 594
- **Description**: Property "activated" is not defined in the activation output schema; actionlint cannot verify this output exists.

#### smoke-claude
- **Issue**: `needs.activation.outputs.artifact_prefix` not defined
- **Severity**: Error
- **Locations**: Lines 864, 2468
- **Description**: Property "artifact_prefix" is not declared in the activation output type used by actionlint's schema.

#### smoke-workflow-call / smoke-workflow-call-with-inputs
- **Issue**: `job.workflow_repository`, `job.workflow_sha`, `job.workflow_ref`, `job.workflow_file_path` not defined
- **Severity**: Error
- **Description**: These are reusable workflow context properties available at runtime but not yet in actionlint's `job` context schema.

</details>

<details>
<summary>Detailed Poutine Findings</summary>

#### smoke-workflow-call-with-inputs / smoke-workflow-call
- **Rule**: `untrusted_checkout_exec` (error)
- **Description**: Arbitrary Code Execution from Untrusted Code Changes — `bash` scripts executed from checked-out code in pull_request_target context.
- **Note**: Lines with `# poutine:ignore untrusted_checkout_exec` are properly annotated suppression comments; the remaining 6 violations are on lines without suppression.

#### smoke-copilot-arm
- **Rule**: `pr_runs_on_self_hosted` (warning)
- **Description**: Pull Request workflow runs on self-hosted runner (`ubuntu-24.04-arm`), which can expose secrets or runner state to untrusted code.

#### copilot-token-audit, copilot-token-optimizer, copilot-setup-steps
- **Rule**: `unverified_script_exec` (note)
- **Description**: curl-piped-to-bash installation pattern for `install-gh-aw.sh`. No SHA verification on the script.

</details>

### Recommendations

1. **Immediate**: Fix `github-env` (High) in `dev-hawk` — validate or sanitize values before writing to `$GITHUB_ENV`.
2. **Short-term**: Add `.actionlint.yaml` config to suppress false-positive `copilot-requests` scope errors (-95 actionlint errors across 48 workflows).
3. **Short-term**: Fix `untrusted_checkout_exec` in `smoke-workflow-call*` workflows or add proper suppression comments.
4. **Long-term**: Address `secrets-outside-env` (Medium) by migrating sensitive workflows to use named GitHub environments with protection rules.
5. **Prevention**: Consider pinning the `install-gh-aw.sh` script to a SHA-verified version to address `unverified_script_exec`.

### Next Steps

- [ ] Fix `github-env` High severity in `dev-hawk`
- [ ] Add `.actionlint.yaml` to suppress `copilot-requests` false positives
- [ ] Fix or annotate `untrusted_checkout_exec` in smoke-workflow-call workflows
- [ ] Monitor `secrets-outside-env` count — 179 new instances vs yesterday suggests new jobs added without environment configuration

**References:**
- [§24309747550](https://github.com/github/gh-aw/actions/runs/24309747550)




> Generated by [Static Analysis Report](https://github.com/github/gh-aw/actions/runs/24309747550/agentic_workflow)
> - [x] expires on Apr 19, 2026, 3:21 PM UTC
