You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Workflows Affected: ~197 (dominated by informational/low zizmor advisories)
Findings by Tool
Tool
Total
Critical
High
Medium
Low
Info
zizmor (security)
548
0
0
0
289
259
poutine (supply chain)
22
0
0
1
10 (error)
11 (note)
actionlint (linting)
37
-
-
-
-
37 (shellcheck)
runner-guard (taint)
333
0
322
11
-
-
No new issues today. All Critical/High runner-guard findings map to rule+file combinations already filed and closed in prior runs; per policy issue #31043, refiling closed RGS-* classes is the duplicate anti-pattern.
Clustered Findings by Tool and Type
Zizmor Security Findings
Issue Type
Severity
Count
Notes
template-injection
Informational (258) / Low (4)
262
${{ }} expansion in run: blocks of generated lock files
adhoc-packages
Low
255
ad-hoc npm/pip/go install in setup steps
obfuscation
Low
30
# poutine:ignore comment lines flagged as obfuscated usage
Per #31043, refiling these closed rule+file combinations daily is the exact duplicate anti-pattern to avoid. Every current high-severity finding has a matching closed issue for its rule class + file → skipped. No open duplicates existed to comment on. 0 new issues created (limit 3).
Fix Suggestion for RGS-018 (Suspicious Payload Execution — curl | sh installers)
Issue: Piping a remotely fetched script directly into a shell (curl -fsSL ... | sh) gives an upstream host, or anyone who can MITM the download, arbitrary code execution on the runner with access to job secrets. Severity: High · Affected: 6 workflows (all pre-existing/tracked)
Prompt to Copilot Agent:
You are fixing a security finding (runner-guard RGS-018: Suspicious Payload Execution Pattern).
Vulnerability: A workflow `run:` step pipes a network-fetched script straight into a
shell interpreter (curl ... | sh / | bash). This is unpinned remote code execution on a
runner that holds secrets.
Required Fix (apply the strongest option that works for each tool):
1. Pin to an integrity-verified artifact: download to a file, verify a known SHA-256
checksum (or minisign/cosign signature), then execute only on match.
2. Prefer a version-pinned GitHub Action from a verified publisher over the installer script.
3. If a vendor installer must be used, pin it to an immutable tag/commit and download +
inspect + checksum before running — never pipe the raw stream into a shell.
Example — Before:
- name: Install Ollama
run: curl -fsSL (ollama.com/redacted) | sh
Example — After:
- name: Install Ollama
run: |
curl -fsSL (ollama.com/redacted) -o /tmp/ollama-install.sh
echo "<known-sha256> /tmp/ollama-install.sh" | sha256sum -c -
sh /tmp/ollama-install.sh
Apply to: daily-byok-ollama-test, smoke-codex (trufflehog), copilot-setup-steps (gh-aw
installer), and review daily-cli-performance / daily-sentrux-report / smoke-claude.
Note: several of these are source .md workflows whose .lock.yml is generated — fix the
source and recompile, do not edit lock files directly.
Historical Trends
Date
zizmor
poutine
actionlint
runner-guard
2026-07-03
553
22
40
333
2026-07-04
553
22
40
333
2026-07-05
552
22
40
333
2026-07-06
548
22
37
333
zizmor: 552 → 548 (−4) — minor drop in template-injection/adhoc-packages advisories.
actionlint: 40 → 37 (−3) — the 3 expression errors present yesterday are resolved; only shellcheck remains.
poutine / runner-guard: unchanged.
New issue types: none. Resolved: actionlint expression (undefined-property) errors.
Detailed high-severity locations
ai-moderator.lock.yml — RGS-004 at lines 1553/1560/1569/1586 (+more); RGS-005 at line 1 (write perms on comment trigger).
dev-hawk.lock.yml — RGS-004 at lines 120/128 (+more).
smoke-codex.lock.yml — RGS-018 at line 2416 (trufflehog installer); poutine unverified_script_exec at 2418.
daily-byok-ollama-test.lock.yml — RGS-018 at 450 + RGS-012; poutine unverified_script_exec at 451 (ollama installer).
copilot-setup-steps.yml — RGS-018 at 16 (gh-aw installer); poutine unverified creator (astral-sh/setup-uv) at 43.
poutine untrusted_checkout_exec (×10) all in smoke-workflow-call{,-with-inputs}.lock.yml and already carry # poutine:ignore annotations.
Recommendations
Immediate: No unaddressed Critical/High. Every high-severity runner-guard finding is a tracked false-positive or accepted-risk with a closed issue.
Short-term: If RGS-018/RGS-012 noise is unwanted, add scoped # runner-guard:ignore annotations (as already done for poutine untrusted_checkout_exec) at the known installer/telemetry sites so they stop surfacing.
Structural: Consider teaching runner-guard about gh-aw's centralized activation auth gate to eliminate the 305 RGS-004 false positives, or suppress RGS-004 for gh-aw-generated lock files.
Long-term: Keep static analysis in CI (already active); address the low-value shellcheck SC2038/SC2086 items opportunistically in source .md templates.
Next Steps
(Optional) Add # runner-guard:ignore RGS-018/RGS-012 at accepted installer/telemetry sites to reduce recurring noise.
Suppress or contextualize RGS-004 for centrally-gated gh-aw workflows.
Fix SC2038 (find ... -print0 | xargs -0) and SC2086 (quote vars) in the ~29 affected source templates and recompile.
🔍 Static Analysis Report - 2026-07-06
Analysis Summary
Findings by Tool
Clustered Findings by Tool and Type
Zizmor Security Findings
${{ }}expansion inrun:blocks of generated lock filesnpm/pip/go installin setup steps# poutine:ignorecomment lines flagged as obfuscated usagePoutine Supply Chain Findings
# poutine:ignore)ubuntu-24.04-arm)Actionlint Linting Issues (37, all shellcheck)
$expansion (usually intentional)find -printpiped toxargs— use-print029 lock files affected (agent-performance-analyzer, audit-workflows, ci-coach, daily-*, portfolio-analyst, pr-triage-agent, etc.).
Runner-Guard Taint Analysis Findings
Issues created: none (dedup — see Runner-Guard Analysis below).
Runner-Guard Analysis
All Critical/High runner-guard findings are stable, recurring, and already tracked:
workflow_run-triggered workflows. gh-aw performs author-association authorization centrally in the generated activation job; runner-guard inspects each downstream step in isolation and cannot see that upstream gate, so these are effectively false positives. Closed issues: [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check in 16 workflows #28156, [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check in scout.lock.yml #29158, [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check #29460, [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check in 16 workflows #29694, [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check #30077, [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check in pr-nitpick-reviewer.lock.yml #30778, [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check in brave.lock.yml #30945.mask_otlp_headers.sh). Closed issues: [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in daily-byok-ollama-test.lock.yml #35652, [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in daily-multi-device-docs-tester.lock.yml #33477, [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in daily-model-inventory.lock.yml #30776, [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in visual-regression-checker.lock.yml #30947, [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in docs-noob-tester, visual-regression-checker #29462, [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in docs-noob-tester #28488, [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in visual-regression-checker #28626, [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in daily-fact #28328.curl ... | shinstaller patterns for legitimate tooling (ollama, trufflehog, gh-aw extension) plus known-good execution. Closed issues: [static-analysis] RGS-018: Suspicious Payload Execution Pattern in daily-byok-ollama-test.lock.yml #35653 (daily-byok-ollama-test), [static-analysis] RGS-018: Suspicious Payload Execution Pattern in copilot-setup-steps.yml #33476 (copilot-setup-steps), and bulk class issues [static-analysis] RGS-018: Suspicious Payload Execution Pattern in multiple workflows #30777/[static-analysis] RGS-018: Suspicious Payload Execution Pattern in 36 workflows #29461/[static-analysis] RGS-018: Suspicious Payload Execution Pattern in go-logger and 36 other workflows #28154 covering the smoke-* and daily-* set.Per #31043, refiling these closed rule+file combinations daily is the exact duplicate anti-pattern to avoid. Every current high-severity finding has a matching closed issue for its rule class + file → skipped. No open duplicates existed to comment on. 0 new issues created (limit 3).
Fix Suggestion for RGS-018 (Suspicious Payload Execution —
curl | shinstallers)Issue: Piping a remotely fetched script directly into a shell (
curl -fsSL ... | sh) gives an upstream host, or anyone who can MITM the download, arbitrary code execution on the runner with access to job secrets.Severity: High · Affected: 6 workflows (all pre-existing/tracked)
Prompt to Copilot Agent:
Historical Trends
expressionerrors present yesterday are resolved; only shellcheck remains.expression(undefined-property) errors.Detailed high-severity locations
ai-moderator.lock.yml— RGS-004 at lines 1553/1560/1569/1586 (+more); RGS-005 at line 1 (write perms on comment trigger).dev-hawk.lock.yml— RGS-004 at lines 120/128 (+more).smoke-codex.lock.yml— RGS-018 at line 2416 (trufflehog installer); poutine unverified_script_exec at 2418.daily-byok-ollama-test.lock.yml— RGS-018 at 450 + RGS-012; poutine unverified_script_exec at 451 (ollama installer).copilot-setup-steps.yml— RGS-018 at 16 (gh-aw installer); poutine unverified creator (astral-sh/setup-uv) at 43.untrusted_checkout_exec(×10) all in smoke-workflow-call{,-with-inputs}.lock.yml and already carry# poutine:ignoreannotations.Recommendations
# runner-guard:ignoreannotations (as already done for poutineuntrusted_checkout_exec) at the known installer/telemetry sites so they stop surfacing..mdtemplates.Next Steps
# runner-guard:ignore RGS-018/RGS-012at accepted installer/telemetry sites to reduce recurring noise.find ... -print0 | xargs -0) and SC2086 (quote vars) in the ~29 affected source templates and recompile.References: