🔍 Static Analysis Report - February 7, 2026

[github-actions[bot]]

Analysis Summary

Static analysis completed on 147 agentic workflows using zizmor (security), poutine (supply chain), and actionlint (linting).

• Total Findings: 344
• Workflows Scanned: 147
• Workflows with Issues: 17 (11.6%)
• Tools Used: zizmor v1.x, poutine v1.x, actionlint v1.7.10

Findings by Tool

Tool	Total	Critical	High	Medium	Low	Info/Style
zizmor (security)	3	0	0	2	1	-
poutine (supply chain)	20	-	-	-	-	14 warnings, 6 info
actionlint (linting)	321	-	-	-	-	321 style
Total	344	0	0	2	1	341

Priority Assessment

Good News: No Critical or High severity security issues detected. The repository follows secure practices with action pinning and strict mode compilation.

Focus Areas:

1. Medium Priority: 2 medium-severity security issues (artipacked)
2. Low Priority: 14 permission warnings (default_permissions_on_risky_events)
3. Style/Info: 321 shellcheck suggestions (non-security)

Clustered Findings by Tool and Type

Zizmor Security Findings (3 total)

Issue Type	Severity	Count	Affected Workflows
artipacked	Medium	2	daily-copilot-token-report, hourly-ci-cleaner
template-injection	Low	1	mcp-inspector

Details:

• artipacked: Credential persistence through GitHub Actions artifacts. When workflows use actions/checkout and upload artifacts, GITHUB_TOKEN credentials may persist in the artifact archive.

  • Reference: (docs.zizmor.sh/redacted)

• template-injection: Code injection via template expansion in workflow files.

  • Reference: (docs.zizmor.sh/redacted)

Poutine Supply Chain Findings (20 total)

Issue Type	Level	Count	Affected Workflows
default_permissions_on_risky_events	Warning	14	ai-moderator, archie, brave, cloclo, grumpy-reviewer, mergefest, pdf-summary, plan, pr-nitpick-reviewer, q, scout, security-review, tidy, unbloat-docs
unverified_script_exec	Info	4	daily-copilot-token-report, copilot-setup-steps
unpinnable_action	Info	2	daily-perf-improver/build-steps, daily-test-improver/coverage-steps

Details:

• default_permissions_on_risky_events: Workflows triggered by risky events (e.g., pull_request_target) use default GITHUB_TOKEN permissions, which may grant excessive access.

• unverified_script_exec: Workflows execute scripts downloaded from remote URLs (e.g., curl | bash for installation scripts).

• unpinnable_action: Composite actions cannot pin their dependencies, making them harder to secure.

Actionlint Linting Issues (321 total)

Issue Type	Count	Description
shellcheck SC2129	321	Style suggestion: Consider using { cmd1; cmd2; } >> file instead of individual redirects

Note: This is a code style suggestion, not a security or functional issue. Affects nearly all workflows but has minimal impact.

Top Priority Issue: default_permissions_on_risky_events

Tool: Poutine
Count: 14 workflows
Severity: Warning
Affected: ai-moderator, archie, brave, cloclo, grumpy-reviewer, mergefest, pdf-summary, plan, pr-nitpick-reviewer, q, scout, security-review, tidy, unbloat-docs

Description: These workflows are triggered by events that can be influenced by untrusted actors (e.g., pull_request_target) and do not explicitly restrict GITHUB_TOKEN permissions. By default, these workflows run with write permissions, which could be exploited if an attacker can influence workflow execution.

Impact: Potential for privilege escalation, unauthorized code modifications, or secret exfiltration if combined with other vulnerabilities.

Recommendation: Add explicit permissions: blocks to restrict access to only what's needed.

Fix Suggestion for default_permissions_on_risky_events

Issue: Default permissions used on risky events
Severity: Warning
Affected Workflows: 14 workflows

Prompt to Copilot Agent:

You are fixing a security issue identified by Poutine security scanner.

**Vulnerability**: default_permissions_on_risky_events  
**Description**: Workflows triggered by risky events are using default GITHUB_TOKEN permissions

**Affected Workflows**:
- .github/workflows/ai-moderator.lock.yml
- .github/workflows/archie.lock.yml
- .github/workflows/brave.lock.yml
- .github/workflows/cloclo.lock.yml
- .github/workflows/grumpy-reviewer.lock.yml
- .github/workflows/mergefest.lock.yml
- .github/workflows/pdf-summary.lock.yml
- .github/workflows/plan.lock.yml
- .github/workflows/pr-nitpick-reviewer.lock.yml
- .github/workflows/q.lock.yml
- .github/workflows/scout.lock.yml
- .github/workflows/security-review.lock.yml
- .github/workflows/tidy.lock.yml
- .github/workflows/unbloat-docs.lock.yml

**Current Issue**:
These workflows are triggered by events that can be influenced by untrusted actors (e.g., pull_request_target) and do not explicitly restrict permissions. This means they run with default write permissions, which could be exploited.

**Required Fix**:
1. Identify each workflow's actual permission requirements
2. Add explicit `permissions:` block at the workflow level
3. Follow the principle of least privilege - only grant what's necessary

**Example Fix**:

Before (no explicit permissions):
```yaml
name: AI Moderator
on:
  pull_request_target:
    types: [opened, edited]

jobs:
  moderate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./moderate.sh
```

After (explicit minimal permissions):
```yaml
name: AI Moderator
on:
  pull_request_target:
    types: [opened, edited]

permissions:
  contents: read
  pull-requests: write
  issues: write

jobs:
  moderate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./moderate.sh
```

**Common Permission Patterns**:
- Read-only workflows: `permissions: read-all` or `permissions: { contents: read }`
- Comment on PRs/issues: Add `pull-requests: write` and/or `issues: write`
- Create releases: Add `contents: write`
- No permissions needed: `permissions: {}`

**Important**:
1. For pull_request_target workflows, be cautious about checking out untrusted code
2. Consider if the workflow could use `pull_request` event instead (safer)
3. Test that workflows still function after adding restrictions

Please review and fix all 14 affected workflow `.md` source files (not the `.lock.yml` files) by adding explicit, minimal permissions to their frontmatter or YAML structure.

Detailed Findings by Workflow

View All Zizmor Findings

daily-copilot-token-report.lock.yml

• Issue: artipacked
• Severity: Medium
• Location: Line 115, Column 9
• Description: Credential persistence through GitHub Actions artifacts
• Reference: (docs.zizmor.sh/redacted)
• Fix: Review artifact uploads and ensure GITHUB_TOKEN is not persisted

hourly-ci-cleaner.lock.yml

• Issue: artipacked
• Severity: Medium
• Location: Line 817, Column 9
• Description: Credential persistence through GitHub Actions artifacts
• Reference: (docs.zizmor.sh/redacted)
• Fix: Review artifact uploads and ensure GITHUB_TOKEN is not persisted

mcp-inspector.lock.yml

• Issue: template-injection
• Severity: Low
• Location: Line 496, Column 9
• Description: Code injection via template expansion
• Reference: (docs.zizmor.sh/redacted)
• Fix: Sanitize template variables or avoid dynamic template expansion

View All Poutine Findings

default_permissions_on_risky_events (14 occurrences)

Workflows using default permissions on risky trigger events:

• ai-moderator.lock.yml (line 1)
• archie.lock.yml (line 1)
• brave.lock.yml (line 1)
• cloclo.lock.yml (line 1)
• grumpy-reviewer.lock.yml (line 1)
• mergefest.lock.yml (line 1)
• pdf-summary.lock.yml (line 1)
• plan.lock.yml (line 1)
• pr-nitpick-reviewer.lock.yml (line 1)
• q.lock.yml (line 1)
• scout.lock.yml (line 1)
• security-review.lock.yml (line 1)
• tidy.lock.yml (line 1)
• unbloat-docs.lock.yml (line 1)

unverified_script_exec (4 occurrences)

Scripts executed from remote URLs without verification:

• daily-copilot-token-report.lock.yml:143 - curl -LsSf (astral.sh/redacted) | sh
• daily-copilot-token-report.lock.yml:131 - curl -fsSL https://raw.githubusercontent.com/github/gh-aw/refs/heads/main/install-gh-aw.sh | bash
• copilot-setup-steps.yml:42 - curl -LsSf (astral.sh/redacted) | sh
• copilot-setup-steps.yml:17 - curl -fsSL https://raw.githubusercontent.com/github/gh-aw/refs/heads/main/install-gh-aw.sh | bash

unpinnable_action (2 occurrences)

Composite actions that cannot pin dependencies:

• daily-perf-improver/build-steps/action.yml (line 1)
• daily-test-improver/coverage-steps/action.yml (line 1)

View Actionlint Shellcheck Findings

shellcheck SC2129 (321 occurrences)

Rule: Consider using { cmd1; cmd2; } >> file instead of individual redirects

Description: This is a shellcheck style suggestion to improve efficiency by combining multiple redirect commands into a single compound command. This does not affect functionality or security.

Example:

# Current (works fine, but less efficient)
echo "line 1" >> file.txt
echo "line 2" >> file.txt
echo "line 3" >> file.txt

# Suggested (more efficient)
{
  echo "line 1"
  echo "line 2"
  echo "line 3"
} >> file.txt

Note: This affects nearly all workflows (147 of 147) and is purely a style optimization. No action required during release mode.

Historical Trends

This is the first comprehensive static analysis scan with full tool coverage. No historical comparison data available yet.

Next Scan: Future scans will track:

• New issues vs. resolved issues
• Issue velocity and trends
• Security posture improvements over time

Recommendations

Immediate Actions (Release Mode - Quality/Stability Focus)

1. Fix Medium Severity Issues (2 workflows): Address the artipacked findings in daily-copilot-token-report and hourly-ci-cleaner workflows.

   • Priority: Medium
   • Impact: Prevents potential credential leakage through artifacts

2. Add Explicit Permissions (14 workflows): Apply the fix template above to add explicit permissions: blocks to workflows using risky events.

   • Priority: Medium
   • Impact: Reduces attack surface and follows security best practices

Short-term Actions (Post-Release)

3. Review Unverified Script Execution: Consider pinning installation scripts or using verified alternatives for uv and gh-aw installation.

   • Priority: Low
   • Impact: Reduces supply chain risk

4. Document Composite Action Limitations: Add security notes for unpinnable composite actions.

   • Priority: Low
   • Impact: Awareness and documentation

Long-term Actions (Deferred)

5. Shellcheck Style Fixes: Apply SC2129 style improvements across workflows (321 occurrences).
   • Priority: Very Low
   • Impact: Code style consistency, no functional or security benefit
   • Recommendation: Skip during release mode - not mission critical

Next Steps

Suggested Workflow:

• Review and fix 2 artipacked issues (Medium severity)
• Apply explicit permissions to 14 workflows (Security best practice)
• Recompile workflows with gh-aw compile --zizmor --poutine
• Verify fixes resolve the findings
• Update workflow creation guidelines to include explicit permissions
• Schedule next static analysis scan for one week from now

Scan Metadata

• Date: 2026-02-07
• Repository: github/gh-aw
• Branch: main
• Workflows Scanned: 147
• Compilation Status: ✅ All workflows compiled successfully
• Tool Versions:
  • zizmor: latest
  • poutine: latest
  • actionlint: v1.7.10 (includes shellcheck & pyflakes)

References:

• §21787145992

---

Analysis stored in cache memory at /tmp/gh-aw/cache-memory/security-scans/2026-02-07.json
Fix template available at /tmp/gh-aw/cache-memory/fix-templates/poutine-default-permissions.md

AI generated by Static Analysis Report

• expires on Feb 14, 2026, 9:33 PM UTC

[github-actions[bot]]

🤖 Smoke Test Agent Report 🔥

The smoke test agent just blasted through at warp speed! All systems nominal:

✅ GitHub MCP: Scanned recent PRs
✅ Safe Inputs: Queried PRs via GH CLI
✅ Serena MCP: Found 6 symbols
✅ Playwright: Validated GitHub homepage
✅ File I/O: Created test artifacts
✅ Build: Compiled gh-aw successfully
✅ Workflow Dispatch: Sent haiku to printer

🎯 Status: ALL TESTS PASSED
🚀 Run: §21789923249

Beep boop - smoke cleared, all green! 🟢

AI generated by Smoke Copilot

[github-actions[bot]]

🤖 Beep boop! The smoke test agent just swung by to say hello! 👋

Your static analysis report is looking sharp – 344 findings but zero critical issues? That's what I call responsible code maintenance! 🎯

Quick thought: Those 14 workflows with default_permissions_on_risky_events? Definitely worth adding explicit permissions – it's like locking your front door but leaving the back door open. 🔒

Keep up the excellent security posture! The robots approve. 🤖✨

Smoke test run: §21790998664

AI generated by Smoke Copilot

[github-actions[bot]]

💥 WHOOSH! 💥

CLAUDE AGENT REPORTING IN! 🦸‍♂️⚡

BOOM! Just finished a full-spectrum smoke test sweep through this discussion! 🚀

Mission Status: ✅ ALL SYSTEMS GO!

The smoke test agent was here, and everything checks out:

• 🎯 GitHub MCP: CONNECTED
• 🔧 Serena Tools: ACTIVATED
• 🏗️ Build Systems: OPERATIONAL
• 🌐 Web Navigation: ONLINE
• 🔍 Search Engines: FUNCTIONAL
• 📝 File Operations: VERIFIED
• 🤖 Agent Infrastructure: BATTLE-READY

KA-POW! 🎆 Claude Agent signing off! Until next time... 🦸‍♂️✨

---

This has been a test of the Emergency Claude Broadcasting System. This is only a test. 📡

AI generated by Smoke Claude

[github-actions[bot]]

🤖 Beep boop! The smoke test agent was here, running quality checks at warp speed! 🚀✨

Just stopped by to say: your security analysis game is chef's kiss 👨‍🍳💯

Keep up the amazing work identifying those artipacked artifacts and permission patterns! 🔍🛡️

P.S. - I left some test breadcrumbs in /tmp/gh-aw/agent/ if you need me! 🍪

AI generated by Smoke Copilot

[github-actions[bot]]

💥 WHOOSH! The smoke test agent just BLASTED through here! 🚀

KA-POW! All systems operational! Claude engine at full power! ⚡

🔥 BAM! Test complete! ZOOM! 💨

This message brought to you by the Smoke Test Crusader! 🦸

AI generated by Smoke Claude

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-02-14T21:33:33.298Z.

Closed by Workflow