🔍 Static Analysis Report - November 4, 2025

[github-actions[bot]]

🔍 Static Analysis Report - November 4, 2025

Overview

Today's static analysis scan examined all 66 agentic workflows using three complementary tools: zizmor (security), poutine (supply chain), and actionlint (linting). The scan identified 14 findings across 4 workflows, with 1 Medium severity issue and 9 Low severity issues requiring attention.

Key Highlights

• ✅ 66 workflows scanned (100% coverage)
• ⚠️ 14 total findings (1 Medium, 9 Low, 4 Info)
• 🔴 1 Medium severity: Excessive permissions in copilot-pr-nlp-analysis
• 🟡 9 Low severity: Template injection in MCP setup steps
• ℹ️ 4 Info: Shellcheck warnings in bash scripts
• ✅ 0 Critical or High severity issues
• 📊 4 workflows affected by security/quality issues

Full Analysis Report

Detailed Statistics

Findings by Tool

Tool	Total	Critical	High	Medium	Low	Info
zizmor (security)	10	0	0	1	9	0
actionlint (linting)	4	0	0	0	0	4
poutine (supply chain)	0	0	0	0	0	0
Total	14	0	0	1	9	4

Findings by Workflow

Workflow	Zizmor	Actionlint	Total
copilot-pr-nlp-analysis	1	3	4
duplicate-code-detector	4	0	4
smoke-codex	4	0	4
mcp-inspector	1	0	1
Other 62 workflows	0	0	0

Compilation Warnings

Type	Count	Impact
Network firewalling not supported (Claude)	8	Low - Claude engine limitation
Action resolution (upload-artifact)	8	Low - Using hardcoded pins
Web-search not supported (Copilot)	3	Low - Engine limitation
Missing workflow permissions	3	Medium - May cause runtime failures
pip package validation (markitdown-mcp)	3	Low - Package may not exist
Agent configuration error	1	Medium - Workflow may fail

Clustered Findings by Type

1. Zizmor Security Findings

1.1 Excessive Permissions (Medium Severity)

Issue: excessive-permissions
Count: 1 occurrence
Severity: Medium
Reference: (redacted)#excessive-permissions

Workflow	Location	Permission	Reason
copilot-pr-nlp-analysis	Line 51	discussions: write	May not be necessary for workflow operations

Impact: Overly broad permissions increase attack surface and violate least privilege principle.

Recommendation: Review if discussions: write is actually needed. If the workflow only reads data and creates artifacts, this permission should be removed or downgraded to discussions: read.

---

1.2 Template Injection (Low Severity)

Issue: template-injection
Count: 9 occurrences (4 + 1 + 4)
Severity: Low
Reference: (redacted)#template-injection

Workflow	Occurrences	Location	Step Name
duplicate-code-detector	4	Line 1045	Setup MCPs
mcp-inspector	1	Line 1121	Setup MCPs
smoke-codex	4	Line 1027	Setup MCPs

Pattern: All occurrences are in "Setup MCPs" steps, suggesting a common pattern across workflows.

Impact: Code injection via template expansion. Risk is mitigated because:

• Steps run early before external input is processed
• MCP configuration typically uses controlled values
• Runs in sandboxed GitHub Actions environment

Recommendation:

1. Pass template expressions through env: block instead of direct expansion
2. Add input validation for any user-provided data
3. Use hardcoded values where possible

---

2. Actionlint Findings

2.1 Shellcheck: SC2162 (Read without -r)

Issue: shellcheck:SC2162
Count: 1 occurrence
Severity: Info
Description: read without -r will mangle backslashes

Workflow	Location	Context
copilot-pr-nlp-analysis	Line 187	while read PR_NUM; do

Fix: Change read PR_NUM to read -r PR_NUM

---

2.2 Shellcheck: SC2086 (Unquoted Variables)

Issue: shellcheck:SC2086
Count: 2 occurrences
Severity: Info
Description: Double quote to prevent globbing and word splitting

Workflow	Location	Context
copilot-pr-nlp-analysis	Line 187	Variable usage in gh pr view
copilot-pr-nlp-analysis	Line 187	Variable usage in pr-${PR_NUM}.json

Fix: Add quotes around variables: "$PR_NUM", "${PR_NUM}"

---

3. Poutine Supply Chain Findings

Status: ✅ No findings
Note: No supply chain security issues detected in any workflow.

---

Permission Warnings

3 workflows have missing permissions that may cause runtime failures:

example-permissions-warning.md

Missing permissions:

• contents: write (required by repos toolset)
• issues: write (required by issues toolset)
• pull-requests: write (required by pull_requests toolset)

python-data-charts.md

Missing permissions:

• issues: read (required by issues toolset)
• pull-requests: read (required by pull_requests toolset)

test-secret-masking.md

Missing permissions:

• issues: read (required by issues toolset)
• pull-requests: read (required by pull_requests toolset)

Fix: Add the missing permissions to each workflow's frontmatter permissions: section.

---

Priority Issues (Ranked)

🔴 Priority 1: Excessive Permissions (Medium)

Issue: copilot-pr-nlp-analysis has discussions: write permission
Severity: Medium
Impact: Increases attack surface, violates least privilege
Fix Complexity: Low - Review and remove if not needed
Action: Review workflow to determine if discussions:write is actually used

🟡 Priority 2: Template Injection (Low)

Issue: 9 template-injection warnings in MCP setup steps
Severity: Low
Workflows: duplicate-code-detector, mcp-inspector, smoke-codex
Impact: Potential code injection in controlled environment
Fix Complexity: Medium - Refactor to use env: block
Action: Pass template expressions through environment variables

🟡 Priority 3: Shellcheck Warnings (Info)

Issue: SC2086 (unquoted variables) and SC2162 (read without -r)
Severity: Info
Workflow: copilot-pr-nlp-analysis
Impact: Could cause script failures with special characters
Fix Complexity: Low - Add quotes and -r flag
Action: Fix shellcheck warnings in bash scripts

🟡 Priority 4: Missing Permissions (Medium)

Issue: 3 workflows missing required permissions
Severity: Medium
Impact: Workflows may fail at runtime
Fix Complexity: Low - Add permissions to frontmatter
Action: Add missing permissions to workflow configuration

---

Fix Guidance

Priority 1 Fix: Excessive Permissions

Workflow: copilot-pr-nlp-analysis.md

Current:

permissions:
  actions: read
  contents: read
  discussions: write    # ← Excessive
  issues: read
  pull-requests: read

Recommended Fix:

permissions:
  actions: read
  contents: read
  # Remove discussions: write if not needed
  # OR downgrade to discussions: read if only reading
  issues: read
  pull-requests: read

Steps:

1. Review workflow to check if it creates/updates discussions
2. If not needed, remove discussions: write
3. If only reading, downgrade to discussions: read
4. Recompile: gh aw compile copilot-pr-nlp-analysis
5. Verify: gh aw compile --zizmor copilot-pr-nlp-analysis

---

Priority 2 Fix: Template Injection

Workflows: duplicate-code-detector.md, mcp-inspector.md, smoke-codex.md

Pattern: All in "Setup MCPs" step

Current (Problematic):

- name: Setup MCPs
  run: |
    echo "Config: ${{ github.event.inputs.some_value }}"

Recommended Fix:

- name: Setup MCPs
  env:
    CONFIG_VALUE: ${{ github.event.inputs.some_value }}
  run: |
    echo "Config: $CONFIG_VALUE"

Steps:

1. Identify all ${{ }} template expressions in the "Setup MCPs" step
2. Move them to the env: block
3. Reference them as environment variables in the script
4. Recompile each workflow
5. Verify with zizmor

---

Priority 3 Fix: Shellcheck Warnings

Workflow: copilot-pr-nlp-analysis.md

Fix 1: SC2162 (read without -r)

# Before
while read PR_NUM; do

# After  
while read -r PR_NUM; do

Fix 2: SC2086 (unquoted variables)

# Before
gh pr view "$PR_NUM"
> /tmp/gh-aw/pr-comments/pr-${PR_NUM}.json

# After
gh pr view "$PR_NUM"
> "/tmp/gh-aw/pr-comments/pr-${PR_NUM}.json"

---

Historical Trends

Comparison with Previous Scan (2025-11-04 17:44:00Z)

Metric	Previous	Current	Change
Total Findings	13	14	+1
High Severity	1	0	-1 ✅
Medium Severity	0	1	+1 ⚠️
Low Severity	9	9	0
Workflows Scanned	66	66	0

Notable Changes

✅ Improvement:

• High severity "dangerous-triggers" issue no longer detected (may have been resolved or not visible in current scan)

⚠️ New Findings:

• excessive-permissions detected in copilot-pr-nlp-analysis (Medium severity)
• actionlint shellcheck errors now visible (4 info-level findings)

📊 Trend:

• Overall security posture improving (High → Medium)
• More granular detection with actionlint integration
• Consistent Low severity template-injection pattern across MCP setup steps

---

Recommendations

Immediate Actions (Week 1)

1. ✅ Fix excessive-permissions in copilot-pr-nlp-analysis (Priority 1, Medium severity)
2. ✅ Add missing permissions to 3 workflows (Priority 4, prevents runtime failures)
3. ✅ Fix shellcheck warnings in copilot-pr-nlp-analysis (Priority 3, quick wins)

Short-term Actions (Week 2-4)

4. 🟡 Address template-injection in MCP setup steps (Priority 2, affects 3 workflows)
5. 🟡 Review network firewalling warnings for Claude workflows (8 workflows affected)
6. 🟡 Validate markitdown-mcp package dependency (3 workflows affected)
7. 🟡 Fix technical-doc-writer agent configuration error

Long-term Actions (Month 1-3)

8. 📋 Integrate zizmor into CI/CD to catch issues before merge
9. 📋 Create workflow security guidelines based on findings
10. 📋 Update workflow templates to prevent common patterns
11. 📋 Establish regular scanning cadence (daily/weekly)
12. 📋 Create security review checklist for new workflows

---

Security Best Practices

Based on findings, here are recommended practices for future workflows:

1. Permissions (Least Privilege)

✅ DO:

• Start with minimal read-only permissions
• Add write permissions only when proven necessary
• Document why each permission is needed

❌ DON'T:

• Grant broad write permissions preemptively
• Use permissions: write-all (if available)
• Leave permissions undocumented

2. Template Expressions (Injection Prevention)

✅ DO:

• Pass template expressions through env: block
• Validate user input before use
• Use hardcoded values when possible

❌ DON'T:

• Use ${{ }} directly in run: scripts
• Trust user input without validation
• Expand templates in security-critical contexts

3. Shell Scripts (Quality)

✅ DO:

• Quote all variables: "$VAR"
• Use read -r to preserve backslashes
• Run shellcheck during development

❌ DON'T:

• Leave variables unquoted
• Ignore shellcheck warnings
• Assume inputs are safe

---

Tools Information

Zizmor (Security Scanner)

• Version: Latest
• Purpose: Detect security vulnerabilities in GitHub Actions workflows
• Audits: 15+ security checks including template injection, dangerous triggers, excessive permissions
• Documentation: (redacted)

Actionlint (Workflow Linter)

• Version: Latest (includes shellcheck integration)
• Purpose: Lint GitHub Actions workflow files for errors and best practices
• Checks: Syntax errors, shellcheck integration, expression validation
• Documentation: https://github.com/rhysd/actionlint

Poutine (Supply Chain Security)

• Version: Latest
• Purpose: Analyze GitHub Actions for supply chain security risks
• Focus: Dependency confusion, typosquatting, malicious actions
• Documentation: https://github.com/boostsecurityio/poutine

---

Cache Memory Updates

Analysis results stored in:

• /tmp/gh-aw/cache-memory/security-scans/2025-11-04-evening-scan.json
• /tmp/gh-aw/cache-memory/security-scans/index.json (updated)

Fix templates created:

• /tmp/gh-aw/cache-memory/fix-templates/excessive-permissions-copilot-pr-nlp-analysis.md
• /tmp/gh-aw/cache-memory/fix-templates/template-injection-mcp-setup.md

---

Next Steps

1. Review this report and prioritize fixes based on severity and impact
2. Apply fixes for Priority 1 and Priority 4 issues (highest impact)
3. Test workflows after fixes to ensure they still function correctly
4. Re-scan to verify issues are resolved
5. Consider automation by adding zizmor to pre-commit hooks or CI/CD

---

Questions or Issues?

If you need help with any of the fixes or have questions about the findings:

• Check the fix templates in /tmp/gh-aw/cache-memory/fix-templates/
• Review the detailed scan results in /tmp/gh-aw/cache-memory/security-scans/
• Consult tool documentation (zizmor, actionlint, poutine)
• Open an issue for discussion

---

Scan Date: November 4, 2025 at 23:36 UTC
Scan Type: Full scan with all tools (zizmor, poutine, actionlint)
Coverage: 66/66 workflows (100%)
Tools Used: zizmor v0.x, actionlint v1.x, poutine v0.x

Overall Security Posture: 🟢 Good (0 Critical/High, 1 Medium, 9 Low)

AI generated by Static Analysis Report

[pelikhan]

/plan

[github-actions[bot]]

✅ Agentic Plan Command completed successfully.

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.