Static Analysis Report - 2026-03-04

[github-actions[bot]]

Analysis Summary

Daily static analysis scan completed for 165 workflows across the github/gh-aw repository using three tools: actionlint, zizmor, and poutine. All findings are stable compared to yesterday — no new issues detected, no resolutions. The security posture remains unchanged.

• Tools Used: zizmor 1.x, poutine, actionlint 1.7.11
• Total Findings: 53 (actionlint: 40, poutine: 9, zizmor: 4)
• Workflows Scanned: 165
• Workflows Affected: 41 (40 actionlint false positives + 1 with real zizmor finding)
• Compilation: 165/165 compiled successfully, 26 compiler warnings
• Change vs Yesterday: 0 (fully stable)

Findings by Tool

Tool	Total	Critical	High	Medium	Low/Info
zizmor (security)	4	0	0	1	3
poutine (supply chain)	9	0	0	0	9
actionlint (linting)	40	—	—	—	40 errors*

*40 actionlint errors are known false positives for the copilot-requests permission scope (GitHub-proprietary, not in actionlint's registry). See details below.

Clustered Findings by Tool and Type

Zizmor Security Findings

Issue Type	Severity	Count	Affected Workflows
artipacked	Medium	1	daily-copilot-token-report
template-injection	Informational	3	contribution-check

Poutine Supply Chain Findings

Issue Type	Severity	Count	Affected Workflows/Actions
pr_runs_on_self_hosted	Warning	1	smoke-copilot-arm
unverified_script_exec	Note	2	copilot-setup-steps, daily-copilot-token-report
unpinnable_action	Note	2	daily-perf-improver/build-steps, daily-test-improver/coverage-steps
github_action_from_unverified_creator_used	Note	4	Various

Actionlint Linting Issues

Issue Type	Count	Status	Affected Workflows
permissions/copilot-requests	40	Known false positive	40 Copilot workflows

copilot-requests: write is a valid GitHub Copilot permission scope used by gh-aw. Actionlint does not recognize it because it is GitHub-proprietary and not in the public permission scope registry. These are not real errors.

Top Priority Issues

1. Artipacked — Credential Persistence via Artifacts

• Tool: zizmor
• Count: 1
• Severity: Medium
• Affected: daily-copilot-token-report
• Location: Line 301 — actions/checkout step
• Description: When actions/checkout is used in a job that also uploads artifacts, Git credentials persisted by checkout may be included in the artifact bundle, enabling credential theft if artifacts are accessed by untrusted actors.
• Reference: (docs.zizmor.sh/redacted)

2. PR Runs on Self-Hosted Runner

• Tool: poutine
• Count: 1
• Severity: Warning
• Affected: smoke-copilot-arm
• Location: Line 315 — runs-on: ubuntu-24.04-arm
• Description: A workflow triggered by pull requests runs on a self-hosted runner. PRs from forks can execute arbitrary code on self-hosted infrastructure.
• Reference: (docs.poutine.dev/redacted)

3. Unverified Script Execution (curl | bash)

• Tool: poutine
• Count: 2
• Severity: Note
• Affected: copilot-setup-steps.yml (line 17), daily-copilot-token-report (line 317)
• Description: Scripts are fetched from raw.githubusercontent.com and piped directly to bash without integrity verification. If the source branch is compromised, malicious code would execute in the workflow.

Fix Suggestion for artipacked (Highest Real Severity)

Issue: Credential persistence through GitHub Actions artifacts
Severity: Medium
Affected Workflows: 1 (daily-copilot-token-report)

Prompt to Copilot Agent:

You are fixing a security vulnerability identified by zizmor in the gh-aw repository.

**Vulnerability**: artipacked — Credential Persistence through GitHub Actions Artifacts
**Rule**: artipacked
**Reference**: (docs.zizmor.sh/redacted)

**Current Issue**:
In `.github/workflows/daily-copilot-token-report.md`, the `actions/checkout` action persists
Git credentials to disk by default (via `.git/config`). If any subsequent step uploads an artifact
that includes the `.git/` directory (or the workspace), those credentials may be bundled into the
artifact. This allows anyone who can download the artifact to extract the GitHub token.

**Required Fix**:
Add `persist-credentials: false` to the `actions/checkout` step in `daily-copilot-token-report.md`.
This prevents the checkout action from writing the GITHUB_TOKEN to `.git/config`.

**Example**:

Before:
```yaml
- name: Checkout code
  uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
```

After:
```yaml
- name: Checkout code
  uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
  with:
    persist-credentials: false
```

Only apply this fix if the subsequent steps in the job do not require Git push/pull operations
using the checkout-persisted credentials. If push operations are needed, consider using a
short-lived token scoped only to the required operations instead.

Please apply this fix to: `.github/workflows/daily-copilot-token-report.md`

All Findings Details

Zizmor — Detailed Findings

contribution-check — template-injection (Informational, ×3)

• File: .github/workflows/contribution-check.lock.yml
• Location: Line 316, step "Write Safe Outputs Config"
• Description: Zizmor flagged three instances of potential template injection via template expansion near line 316. The surrounding context involves writing safe-outputs config. At informational severity, this represents a pattern to watch rather than an exploitable vulnerability in the current form.
• Reference: (docs.zizmor.sh/redacted)

daily-copilot-token-report — artipacked (Medium, ×1)

• File: .github/workflows/daily-copilot-token-report.lock.yml
• Location: Line 301, step "Checkout code"
• Description: actions/checkout persists Git credentials by default. This workflow also installs gh-aw and uploads workflow artifacts. Credentials in .git/config could be exfiltrated through artifact downloads.
• Fix: Add persist-credentials: false to the checkout step.
• Reference: (docs.zizmor.sh/redacted)

Poutine — Detailed Findings

smoke-copilot-arm — pr_runs_on_self_hosted (Warning)

• File: .github/workflows/smoke-copilot-arm.lock.yml
• Location: Line 315
• Description: The agent job runs on ubuntu-24.04-arm (self-hosted ARM runner). Pull request triggers on self-hosted runners are a risk vector for fork-based code injection attacks.
• Recommendation: Use GitHub-hosted runners for PR workflows, or restrict which PRs can trigger this workflow to trusted actors only.

copilot-setup-steps / daily-copilot-token-report — unverified_script_exec (Note, ×2)

• Locations: copilot-setup-steps.yml:17, daily-copilot-token-report.lock.yml:317
• Description: Both use curl -fsSL https://raw.githubusercontent.com/github/gh-aw/refs/heads/main/install-gh-aw.sh | bash — downloading and executing a script from a mutable branch ref without integrity checks.
• Recommendation: Pin to a specific commit SHA or tag, and verify checksum before execution.

daily-perf-improver/build-steps / daily-test-improver/coverage-steps — unpinnable_action (Note, ×2)

• Description: These composite actions use components that cannot be pinned to a SHA (e.g., local or dynamic references). This means the exact version executed cannot be guaranteed.

github_action_from_unverified_creator_used (Note, ×4)

• Description: Four action usages reference actions published by creators without GitHub Marketplace verification. Not necessarily malicious, but worth auditing for supply chain risk.

Actionlint — Known False Positives

permissions/copilot-requests (Error, ×40)

Actionlint 1.7.11 reports copilot-requests as an unknown permission scope in 40 workflows. This is a false positive — copilot-requests: write is a valid GitHub Copilot permission scope used internally by gh-aw Copilot-engine workflows. It is not in actionlint's public registry because it is GitHub-proprietary.

All 40 affected workflows: agent-performance-analyzer, archie, artifacts-summary, auto-triage-issues, brave, breaking-change-checker, ci-coach, claude-code-user-docs-review, cli-consistency-checker, code-scanning-fixer, copilot-cli-deep-research, copilot-pr-merged-report, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, craft, daily-architecture-diagram, daily-assign-issue-to-user, daily-cli-performance, daily-compiler-quality, daily-copilot-token-report, daily-file-diet, daily-malicious-code-scan, daily-mcp-concurrency-analysis, daily-news, daily-repo-chronicle, daily-secrets-analysis, daily-syntax-error-quality, daily-testify-uber-super-expert, daily-workflow-updater, dead-code-remover, delight, dev-hawk, dev, dictation-prompt, discussion-task-miner, docs-noob-tester, draft-pr-cleanup, firewall-escape, smoke-create-cross-repo-pr, smoke-update-cross-repo-pr.

Consider adding an actionlint ignore comment or config exception for copilot-requests to suppress these false positives.

Compiler Warnings (26)

Category	Count	Details
Experimental: rate-limit	4	agent-persona-explorer, audit-workflows, duplicate-code-detector, weekly-safe-outputs-spec-review
Experimental: safe-inputs	10	copilot-cli-deep-research, daily-choice-test, daily-observability-report, daily-performance-summary, smoke-agent, smoke-claude, smoke-codex, smoke-copilot-arm, smoke-gemini, go-fan
Missing permissions	1	security-alert-burndown.campaign.g: missing actions/issues/pull-requests/security-events read
Unsupported tool (copilot+web-search)	2	ci-coach, example-workflow-analyzer
Schedule fuzzing recommendations	9	Various workflows with fixed cron times

Historical Trends

Date	Workflows	Actionlint	Zizmor	Poutine	Compiler Warns	Total
2026-02-21	156	719	11	0	25	730
2026-02-22	158	344	0	11	25	355
2026-02-23	158	157	0	9	25	166
2026-02-24	158	159	0	10	25	169
2026-02-25	158	161	4	7	25	172
2026-02-26	160	3	4	9	25	16
2026-02-27	161	40	4	9	25	53
2026-03-01	162	40	4	9	27	53
2026-03-02	165	41	4	9	26	54
2026-03-03	165	40	4	9	26	53
2026-03-04	165	40	4	9	26	53

New Issues: None
Resolved Issues: None (fully stable)

The actionlint count has been stable at 40 for 3 consecutive days after the smoke-copilot workflow resolved one false positive on 2026-03-03. Zizmor and poutine findings have been unchanged for 6+ days.

Recommendations

1. Immediate — Fix artipacked in daily-copilot-token-report: add persist-credentials: false to the checkout step (Medium severity, 12+ days persistent).
2. Short-term — Review smoke-copilot-arm self-hosted runner usage for PR triggers (poutine warning).
3. Short-term — Pin the install-gh-aw.sh script reference to a commit SHA and add checksum verification in copilot-setup-steps.yml and daily-copilot-token-report.
4. Long-term — Configure an actionlint ignore rule for copilot-requests to suppress 40 known false positives and reduce noise.
5. Long-term — Audit the 4 unverified GitHub Actions creator usages and pin to verified alternatives where possible.

Next Steps

• Apply persist-credentials: false fix to daily-copilot-token-report.md (use fix prompt above with Copilot agent)
• Evaluate self-hosted runner risk for smoke-copilot-arm PR trigger
• Add copilot-requests to actionlint allowlist/config to eliminate false positive noise
• Pin install-gh-aw.sh curl invocations to a tagged/SHA ref

References:

• §22657840828
• §22611196350 (yesterday)
• §22564270689 (2026-03-02)

AI generated by Static Analysis Report · history

• expires on Mar 5, 2026, 6:32 AM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-03-05T06:32:26.627Z.

Closed by Workflow