🔍 Static Analysis Report - 2026-05-31
Analysis Summary
- Tools: zizmor, poutine, actionlint, runner-guard
- Total Findings: 1,843 (actionlint 1,456 · runner-guard 289 · zizmor 73 · poutine 25)
- Workflows Scanned: 237 (+1) · Affected (security tools): 49
- New Issues: 0 · Comments: 0 (dedup rationale below)
Near-stable day: zizmor (73), poutine (25), runner-guard (289) are identical to 2026-05-30. Only movement is actionlint +5 (shellcheck +4, syntax-check +1), entirely from the one newly-added workflow (237 vs 236). No new runner-guard rule+file pairs; every High runner-guard finding maps to a prior closed issue.
Findings by Tool
| Tool | Total | High | Medium | Low | Info |
| --- | --- | --- | --- | --- | --- |
| zizmor | 73 | 2 | 2 | 29 | 40 |
| poutine | 25 | 12 error | — | — | 12 note + 1 warning |
| actionlint | 1,456 | — | — | — | — |
| runner-guard | 289 | 280 | 9 | — | — |
Clustered Findings
Zizmor
| Type | Severity | Count | Workflows |
| --- | --- | --- | --- |
| github-env | High | 2 | dev-hawk.lock.yml (L741, L1608) |
| artipacked | Medium | 1 | daily-geo-optimizer |
| excessive-permissions | Medium | 1 | dependabot-repair |
| template-injection | Info/Low | 43 | 18 wf (ai-moderator, deep-report, ...) |
| obfuscation | Low | 25 | 25 wf (${{ '' }} in GH_AW_WIKI_NOTE) |
| superfluous-actions | Info | 1 | smoke-codex |
Poutine
| Type | Severity | Count | Workflows |
| --- | --- | --- | --- |
| untrusted_checkout_exec | error | 12 | dependabot-worker, smoke-workflow-call(-with-inputs) |
| unverified_creator_action | note | 9 | agentic-token-audit, copilot-setup-steps, link-check, mcp-inspector, super-linter, ... |
| unverified_script_exec | note | 3 | copilot-setup-steps, daily-byok-ollama-test, smoke-codex |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm |
Actionlint
| Type | Count | Workflows |
| --- | --- | --- |
| shellcheck (SC2016/SC2086) | 935 | 237 (all) |
| syntax-check (queue in concurrency) | 394 | 237 (all) |
| permissions (copilot-requests scope) | 111 | 57 |
| expression | 16 | 5 |
copilot-requests, concurrency.queue, and the ${{ '' }} pattern are gh-aw framework constructs upstream linters don't model — high-volume known false positives, not regressions.
Runner-Guard
| Rule | Name | Sev | Count | Workflows |
| --- | --- | --- | --- | --- |
| RGS-004 | Comment-Triggered w/o Author Auth Check | High | 263 | ai-moderator, dev-hawk, q |
| RGS-012 | Secret Exfiltration via Outbound HTTP | High | 10 | daily-byok-ollama-test, daily-model-inventory, daily-multi-device-docs-tester, docs-noob-tester, visual-regression-checker |
| RGS-005 | Excessive Permissions on Untrusted Trigger | Medium | 8 | agentic_commands, ai-moderator, q |
| RGS-018 | Suspicious Payload Execution Pattern | High | 7 | copilot-setup-steps, daily-byok-ollama-test, daily-cli-performance, daily-sentrux-report, go-logger, smoke-claude, smoke-codex |
| RGS-019 | Step Output Interpolated in run Block | Medium | 1 | error-message-lint |
(No numeric runner-guard score emitted this run.)
Top Priority Issues
1. zizmor github-env (High) — dev-hawk.lock.yml L741/L1608. Writing to $GITHUB_ENV can let attacker-influenced data inject env vars into later steps → potential code execution. Persists 9 days (since 2026-05-23). Most actionable High item; fix below. Ref: (docs.zizmor.sh/redacted)
2. runner-guard RGS-004 (High, 263) — comment-triggered workflows (ai-moderator, dev-hawk, q) without author_association gate. Already reviewed/tracked in closed issues.
3. poutine untrusted_checkout_exec (12) — bash after checkout in dependabot-worker / smoke-workflow-call; all carry intentional # poutine:ignore on framework helper scripts.
Fix Suggestion — zizmor github-env (High, 1 workflow)
Prompt to Copilot Agent:
You are fixing a zizmor github-env (High) finding.
Rule: github-env — (docs.zizmor.sh/redacted)
Problem: a step writes a computed value to $GITHUB_ENV, which is injected into ALL later steps. If that value is ever influenced by untrusted input (PR title, issue/comment body, branch name, API response), an attacker can inject NODE_OPTIONS/LD_PRELOAD/PATH and gain code execution on the runner.
Fix:
1. Edit the gh-aw .md SOURCE/include that compiles to dev-hawk.lock.yml L741 & L1608 — do NOT edit the generated .lock.yml.
2. Replace $GITHUB_ENV writes with step-scoped $GITHUB_OUTPUT (give the step an `id:` and read via steps.<id>.outputs.<name>).
3. If a value must use $GITHUB_ENV, validate/escape it and ensure it can't carry untrusted data.
4. Recompile; confirm zizmor no longer reports github-env.
Before: echo "VALUE=$(some_command)" >> "$GITHUB_ENV"
After: { echo "value<<__EOF__"; some_command; echo "__EOF__"; } >> "$GITHUB_OUTPUT"
All Findings — detail
Zizmor High/Medium
- dev-hawk.lock.yml — github-env · High · L741, L1608
- daily-geo-optimizer.lock.yml — artipacked · Medium · L1412
- dependabot-repair.lock.yml — excessive-permissions · Medium · L357
- (43 template-injection + 25 obfuscation [Info/Low] omitted — framework patterns)
Poutine errors (all # poutine:ignore-annotated framework scripts)
- dependabot-worker.lock.yml — L280, L309, L430, L435
- smoke-workflow-call.lock.yml — L255, L282, L391, L396
- smoke-workflow-call-with-inputs.lock.yml — L252, L279, L390, L395
Actionlint — shellcheck 935 (SC2016/SC2086 in generated summary scripts), syntax-check 394 (concurrency.queue), permissions 111 (copilot-requests), expression 16. Dominated by gh-aw constructs; no new regressions.
Runner-Guard Analysis — Issues: 0 new, 0 comments
289 findings (280 High, 9 Medium) across 16 workflows — identical to 2026-05-30, no new rule+file pairs. Per dedup policy (closed ⇒ skip; open ⇒ comment; none ⇒ create), every High rule+file pair has a prior closed issue:
| Rule | File(s) | Closed issue(s) | Decision |
| --- | --- | --- | --- |
| RGS-004 | ai-moderator, dev-hawk, q | #28156 / #29694 / #30284 | skip |
| RGS-012 | daily-model-inventory | #30776 | skip |
| RGS-012 | daily-multi-device-docs-tester | #33477 | skip |
| RGS-012 | docs-noob-tester | #28488 | skip |
| RGS-012 | visual-regression-checker | #30947 | skip |
| RGS-012 | daily-byok-ollama-test | #35652 | skip |
| RGS-018 | go-logger, daily-cli-performance, smoke-claude, smoke-codex, copilot-setup-steps | #28154 / #33476 | skip |
| RGS-018 | daily-sentrux-report | #30532 / #29461 | skip |
| RGS-018 | daily-byok-ollama-test | #35653 | skip |
State change: #35653 (RGS-018, daily-byok-ollama-test) was open yesterday (got a recurring comment) and is now closed, so today it falls under skip.
Historical Trends
| Date | zizmor | poutine | actionlint | runner-guard | wf |
| --- | --- | --- | --- | --- | --- |
| 05-28 | 73 | 24 | 1,450 | 285 | 236 |
| 05-29 | 73 | 25 | 1,451 | 289 | 236 |
| 05-30 | 73 | 25 | 1,451 | 289 | 236 |
| 05-31 | 73 | 25 | 1,456 | 289 | 237 |
Total 1,838 → 1,843 (+5, +0.3%) — entirely actionlint from the +1 new workflow. No new finding types or rule+file pairs. dev-hawk github-env High unresolved (day 9).
Recommendations
- Immediate: Fix the persistent zizmor github-env High in dev-hawk source (fix above).
- Short-term: Re-confirm poutine untrusted_checkout_exec ignores remain justified.
- Long-term: Suppress framework false positives at tooling layer (actionlint copilot-requests/concurrency.queue, zizmor ${{ '' }}) — removes ~600 noise findings.
- Prevention: Keep RGS-004/012/018 patterns behind existing auth/ignore rationale (already reviewed in closed issues).
References:
Generated by 📊 Static Analysis Report · opus48 2.4M · ◷