### Runner-Guard Taint Analysis

All runner-guard findings have existing tracking issues. No new Critical/High issues to create. Existing tracking issues: #28154 (RGS-018), #28155 (RGS-008), #28156 (RGS-004), #28488 (RGS-012).

### Fix Suggestion for RGS-008

**Prompt to Copilot Agent:**

You are fixing a security vulnerability identified by runner-guard (RGS-008).
**Vulnerability**: Secret Directly Interpolated in run Block
**Rule**: RGS-008 — https://github.com/Vigilant-LLC/runner-guard
**Current Issue**:
In many workflows, secrets are interpolated directly into `run:` blocks using
`${{ secrets.SOME_SECRET }}` syntax. This embeds the secret as plain text in the
shell script source before execution, exposing it to:
- Error messages and debug output
- Shell history and /proc filesystem
- Log masking bypass via side channels
- Amplified impact of any expression injection vulnerability
**Required Fix**:
Move all `${{ secrets.* }}` expressions from inside `run:` blocks to the `env:`
mapping of that step. Reference them in the script via environment variable syntax.
**Example**:
Before (insecure):
```yaml
- name: Start MCP Gateway
  run: |
    start_gateway.sh --token ${{ secrets.API_TOKEN }}
```

Apply this fix to all affected workflows flagged by runner-guard RGS-008 in .github/workflows/.
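The secure form of that same step, added here as an illustration of the Required Fix and not taken from the report or the runner-guard project: the `${{ secrets.API_TOKEN }}` expression moves into the step's `env:` mapping and the script reads it as `$API_TOKEN`. The step name and the `start_gateway.sh` invocation are those of the Before example; the variable name `API_TOKEN` is a chosen name.

```yaml
- name: Start MCP Gateway
  env:
    # The expression is evaluated by the Actions runner when the step's
    # environment is assembled, so the secret value is never written into
    # the shell script text that the runner executes and logs.
    API_TOKEN: ${{ secrets.API_TOKEN }}   # variable name chosen for this example
  run: |
    # Quote the variable so the value is passed as a single argument and is
    # not subject to word splitting or glob expansion.
    start_gateway.sh --token "$API_TOKEN"
```

The same pattern applies to `${{ github.token }}` and `${{ env.GITHUB_TOKEN }}` used inside `run:` blocks. Note what this does and does not change: the value no longer appears in the script source (and so cannot be amplified by an expression injection into that script), but it is still present in the step's process environment, so the secret should remain scoped to the steps that actually need it.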
<details>
<summary>View All Findings Details</summary>
#### Zizmor — github-env (High)
- `dev-hawk.lock.yml:1403`: A step derives `GH_HOST` from `GITHUB_SERVER_URL` and writes it to `$GITHUB_ENV`. In GHES environments this could be manipulated. The step has a comment indicating intentional GHES support behavior. [Carried over since 2026-04-24]
#### Zizmor — secrets-inherit (Medium)
- `smoke-call-workflow.lock.yml`: Calls smoke-workflow-call with `secrets: inherit`, propagating all secrets to the called workflow.
#### Zizmor — template-injection (Informational/Low, 85 instances)
Affecting ~28 workflows: `ai-moderator`, `auto-triage-issues`, `contribution-check`, `daily-doc-updater`, `daily-issues-report`, `daily-token-consumption-report`, `discussion-task-miner`, `grumpy-reviewer`, `issue-arborist`, `issue-monster`, `issue-triage-agent`, `org-health-report`, `plan`, `pr-triage-agent`, `q`, `refiner`, `scout`, `smoke-agent-*`, `smoke-copilot`, `smoke-service-ports`, `stale-repo-identifier`, `weekly-issue-summary`, and others.
#### Zizmor — obfuscation (Low, 22 instances)
All relate to the `GH_AW_WIKI_NOTE: ${{ '' }}` pattern — an intentional empty-string placeholder for wiki note configuration. By design.
#### Actionlint — Unknown Permission Scopes (101 errors)
`copilot-requests: write` appears in 50+ workflows. This is a GitHub-internal/preview permission scope not yet in actionlint's schema, so these are false positives.
#### Actionlint — Undefined Expression Properties (11 errors)
- `ace-editor`: `needs.activation.outputs.activated`
- `smoke-claude`: `needs.activation.outputs.artifact_prefix` (×2)
- `smoke-workflow-call` / `smoke-workflow-call-with-inputs`: `job.workflow_repository`, `job.workflow_sha`, `job.workflow_ref`, `job.workflow_file_path` — GitHub-internal `job` context properties not yet in actionlint's schema
#### Poutine — Unverified Actions (8 notes)
- `astral-sh/setup-uv@...` in `mcp-inspector`, `copilot-token-audit`, `copilot-setup-steps`
- `gaurav-nelson/github-action-markdown-link-check@...` in `link-check.yml` (×2)
- `super-linter/super-linter@...` in `super-linter`
- `actions-ecosystem/action-add-labels@...` in `smoke-codex`
#### Poutine — Unverified Script Execution (4 notes)
`curl -fsSL .../install-gh-aw.sh | bash` in `copilot-setup-steps.yml`, `copilot-token-optimizer`, `copilot-token-audit` — downloading and executing unverified scripts from main branch without SHA pinning.
#### Runner-Guard — RGS-004 (High, 1,397 instances, 16 workflows)
Workflows triggered by `issue_comment` / `pull_request_review_comment` without verifying `author_association`. Tracked in #28156.
**Affected workflows**: `unbloat-docs`, `ace-editor`, `ai-moderator`, `tidy`, `plan`, `q`, `scout`, `brave`, `cloclo`, `dev-hawk`, `grumpy-reviewer`, `pdf-summary`, `pr-nitpick-reviewer`, `security-review`, `archie`, `mergefest`
#### Runner-Guard — RGS-008 (High, 86 instances, ~85 workflows)
Widespread across most agentic workflows using the MCP Gateway `start-mcp-gateway` step pattern. Tracked in #28155.
#### Runner-Guard — RGS-018 (High, 38 instances, 35 workflows)
Primarily the `jqschema.sh` heredoc setup script flagged as a suspicious payload pattern. Affected: `cli-version-checker`, `copilot-session-insights`, `deep-report`, `org-health-report`, `issue-arborist`, `smoke-copilot-arm`, `smoke-crush`, and ~28 others. Tracked in #28154.
#### Runner-Guard — RGS-005 (Medium, 46 instances, 15 workflows)
Write permissions on comment/PR-triggered workflows without sufficient isolation. Primarily `unbloat-docs.lock.yml` and `tidy.lock.yml`.
#### Runner-Guard — RGS-006 (High, 1 instance)
- `copilot-token-audit.lock.yml:472`: `curl -fsSL .../install-gh-aw.sh | bash` — downloading and executing remote scripts without integrity verification.
#### Runner-Guard — RGS-012 (High, 3 instances)
- `visual-regression-checker.lock.yml`: outbound HTTP requests in job with secrets access (tracked #28488)
- `docs-noob-tester.lock.yml`: `curl localhost:4321` in job with secrets access (tracked #28488)
</details>
### Historical Trends
| Metric | 2026-04-24 | 2026-04-25 | 2026-04-26 | 2026-04-27 | 2026-04-28 | Δ |
|--------|-----------|-----------|-----------|-----------|-----------|---|
| Workflows Scanned | 201 | 202 | 205 | 205 | 202 | -3 |
| Total Findings | ~1,817 | ~1,818 | ~1,821 | 1,820 | 1,817 | -3 |
| Runner-guard Total | 1,569 | 1,569 | 1,571 | 1,571 | 1,571 | 0 |
| Actionlint Issues | 116 | 115 | 115 | 115 | 114 | -1 |
| Zizmor Total | 110 | 110 | 110 | 110 | 109 | -1 |
| Poutine Total | 24 | 24 | 24 | 24 | 23 | -1 |
Small reductions across actionlint, zizmor, and poutine are consistent with 3 fewer workflows being scanned today (202 vs 205). The runner-guard total remains stable at 1,571 with minor shifts: RGS-004 +3, RGS-018 -2, RGS-006 -1.
#### New Issues
None — all finding types were present in previous scans.
#### Resolved Issues
None — small count reductions are due to 3 fewer workflows, not fixed vulnerabilities.
### Recommendations
1. **Ongoing**: Apply RGS-008 fix pattern (move secrets to `env:` block) across ~85 affected workflows (#28155)
2. **Ongoing**: Continue work on RGS-004 (#28156) — 1,397 instances across 16 workflows
3. **Ongoing**: Continue work on RGS-018 (#28154) — 38 instances across 35 workflows
4. **Short-term**: Review `dev-hawk` github-env High zizmor finding — consider alternative to `$GITHUB_ENV` for `GH_HOST`
5. **Short-term**: Fix RGS-006 `curl|bash` pattern in `copilot-token-audit`
6. **Long-term**: Establish automated pre-merge static analysis checks in CI/CD
### Next Steps
- [ ] Continue RGS-008 remediation (#28155) — 86 instances across ~85 workflows
- [ ] Continue RGS-004 remediation (#28156) — 1,397 instances across 16 workflows
- [ ] Continue RGS-018 remediation (#28154) — 38 instances across 35 workflows
- [ ] Fix RGS-006 `curl|bash` pattern in `copilot-token-audit`
- [ ] Review `dev-hawk` github-env High zizmor finding
- [ ] Investigate 3 missing workflows vs yesterday (205→202)
### Analysis Summary

Static analysis scan completed on 2026-04-28 using four tools against all 202 agentic workflow files in this repository. All 202 workflows compiled successfully.

#### Clustered Findings by Tool

- **Actionlint**: `copilot-requests: write` remains unrecognized by actionlint (unknown permission scope); this is a GitHub-internal/preview permission scope not yet in actionlint's schema, so these are false positives. Undefined expression properties are reported under `job.*` and `needs.*.outputs.*`.
- **Zizmor**: obfuscation findings for the `${{ '' }}` placeholder pattern; `secrets: inherit` in `smoke-call-workflow`; the `dev-hawk` github-env High finding continues to warrant review (carried over since 2026-04-24).
- **Poutine**: supply chain findings (unverified actions and unverified script execution).
- **Runner-Guard**: issues created: none (all existing — #28154, #28155, #28156, #28488).

#### Top Priority Issues

1. RGS-004: Comment-Triggered Workflow Without Author Authorization Check (tracked: #28156)
2. RGS-008: Secret Directly Interpolated in run Block (tracked: #28155)
3. RGS-018: Suspicious Payload Execution Pattern (tracked: #28154)

#### RGS-008 Fix Summary (Most Actionable — ~85 Workflows Affected)

**Issue**: Secrets Directly Interpolated in `run:` Blocks
**Severity**: High
**Affected Workflows**: ~85 workflows (86 instances)

**Steps**:

1. Find all `${{ secrets.* }}` patterns inside `run:` blocks in `.github/workflows/*.md`.
2. Move each secret into the step's `env:` block with a suitable name.
3. Replace `${{ secrets.NAME }}` in the run script with `$NAME`.
4. Apply the same treatment to `${{ github.token }}` and `${{ env.GITHUB_TOKEN }}` used inside run blocks.

**References:**

- [§25074607105](https://github.com/github/gh-aw/actions/runs/25074607105)
- Previous report: #28791 (2026-04-27)

> Generated by [Static Analysis Report](https://github.com/github/gh-aw/actions/runs/25074607105/agentic_workflow) · ● 472.6K · [◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw+is%3Aissue+%22gh-aw-workflow-call-id%3A+github%2Fgh-aw%2Fstatic-analysis-report%22&type=issues)
> - [x] expires <!-- gh-aw-expires: 2026-05-05T20:08:50.269Z --> on May 5, 2026, 8:08 PM UTC

<!-- gh-aw-agentic-workflow: Static Analysis Report, engine: claude, model: auto, id: 25074607105, workflow_id: static-analysis-report, run: https://github.com/github/gh-aw/actions/runs/25074607105 -->
<!-- gh-aw-workflow-id: static-analysis-report -->
<!-- gh-aw-workflow-call-id: github/gh-aw/static-analysis-report -->