Workflow shell footgun
This issue tracks a recurring review-feedback class from the EvalOps review feedback sentinel.
- Class:
workflow-shell-footgun
- Score:
80
- Findings:
1
- Repos:
evalops/deploy
- Generated at:
2026-06-07T18:46:46Z
- Window: merged since
2026-06-04 with minimum severity high
Guardrail to build
Add or extend workflow lint/security checks so fragile shell and GitHub Actions mistakes fail before review.
Representative feedback
p1 evalops/deploy#5339 .github/workflows/cerebro-scry.yml:231
Finding fingerprints
93df53d5e3284d2594567c6bf3f7d16eac86e0c8110de106fba3e66365968d75
Acceptance criteria
- The class has an owner repo and a concrete guardrail location.
- The guardrail fails for at least one representative feedback shape listed above.
- The guardrail is wired into the smallest relevant CI or preflight target.
- The issue is closed only after the guardrail has merged and the feedback sentinel no longer ranks this class as an unaddressed candidate.
Workflow shell footgun
This issue tracks a recurring review-feedback class from the EvalOps review feedback sentinel.
workflow-shell-footgun801evalops/deploy2026-06-07T18:46:46Z2026-06-04with minimum severityhighGuardrail to build
Add or extend workflow lint/security checks so fragile shell and GitHub Actions mistakes fail before review.
Representative feedback
p1evalops/deploy#5339 .github/workflows/cerebro-scry.yml:231Finding fingerprints
93df53d5e3284d2594567c6bf3f7d16eac86e0c8110de106fba3e66365968d75Acceptance criteria