You are fixing a High-severity security vulnerability identified by zizmor in `.github/workflows/dev-hawk.md`.
**Vulnerability**: Dangerous use of environment file (`$GITHUB_ENV`)
**Rule**: github-env — (docs.zizmor.sh/redacted)
**Location**: Around line 1323 in the compiled dev-hawk.lock.yml (step id: ghes-host-config)
**Why it's dangerous**:
Writing to `$GITHUB_ENV` from a `run:` step can allow environment variable injection
if the written value is not strictly validated. The runner parses the file as one
`KEY=VALUE` pair per line, so an attacker who controls the input source could embed
newlines to smuggle additional pairs that every later step in the job then inherits.
In this step the source is `$GITHUB_SERVER_URL`, which the runner sets rather than a
user, but zizmor flags any unvalidated write to the environment file and the allowlist
check below costs little.
**Required Fix** — choose the safest option:
Option A: Validate value before writing to $GITHUB_ENV
```yaml
- name: Configure GH host
  id: ghes-host-config
  shell: bash
  run: |
    # Strip the scheme and any CR/LF, then accept only hostname characters
    GH_HOST=$(echo "$GITHUB_SERVER_URL" | sed 's|https://||' | tr -d '\n\r')
    if [[ ! "$GH_HOST" =~ ^[a-zA-Z0-9._-]+$ ]]; then
      echo "::error::Unexpected GH_HOST value: $GH_HOST"
      exit 1
    fi
    echo "GH_HOST=$GH_HOST" >> "$GITHUB_ENV"
```
### All Findings Details
<details>
<summary>Expression Errors (actionlint) — 4 Workflows</summary>
#### ace-editor
- Line 594: `needs.activation.outputs.activated` — property `activated` not defined in activation outputs type
#### smoke-claude
- Line 864, 2468: `needs.activation.outputs.artifact_prefix` — property `artifact_prefix` not defined
#### smoke-workflow-call-with-inputs
- Lines 122–125: `job.workflow_repository`, `job.workflow_sha`, `job.workflow_ref`, `job.workflow_file_path` — these properties are not in actionlint's `job` type schema (likely newer GitHub Actions features)
#### smoke-workflow-call
- Lines 125–128: Same `job.*` properties as above
</details>
<details>
<summary>Template Injection Findings (zizmor Informational) — 28 Workflows</summary>
Informational-level template injection findings were detected in 28 workflows including:
ai-moderator, auto-triage-issues, contribution-check, daily-doc-updater, daily-issues-report, discussion-task-miner, grumpy-reviewer, issue-arborist, issue-monster, issue-triage-agent, org-health-report, plan, pr-triage-agent, q, refiner, scout, smoke-agent-all-merged, smoke-agent-all-none, smoke-agent-public-approved, smoke-agent-public-none, and more.
These are classified Informational (not High) in today's scan, meaning zizmor could not trace the interpolated expressions to a source it knows to be attacker-controlled. They are still worth a review, because the severity reflects the expression's source, not whether the interpolation into a shell or script step is itself safe.
</details>
<details>
<summary>Poutine Unverified Action Usage</summary>
Workflows using GitHub Actions from unverified creators (pinned to SHA but creator not GitHub-verified):
- `astral-sh/setup-uv` — copilot-token-audit, copilot-setup-steps, copilot-token-optimizer, mcp-inspector
- `actions-ecosystem/action-add-labels` — smoke-codex
- `gaurav-nelson/github-action-markdown-link-check` — link-check
- `super-linter/super-linter` — super-linter
Script execution from external URLs (curl | bash pattern):
- `copilot-token-audit`, `copilot-setup-steps`, `copilot-token-optimizer` — install-gh-aw.sh from raw.githubusercontent.com
- `smoke-workflow-call`, `smoke-workflow-call-with-inputs` — bash scripts from checked-out repo
</details>
### Historical Trends
| Date | Total | Zizmor | Poutine | Actionlint | Runner-Guard |
|------|-------|--------|---------|------------|--------------|
| 2026-03-29 | 7,383 | 3,455 | — | 3,928 | — |
| 2026-04-03 | 9,757 | 4,789 | 39 | 4,929 | — |
| 2026-04-10 | 4,379 | 4,051 | 22 | 306 | 0 |
| 2026-04-11 | 4,287 | 4,135 | 22 | 130 | 0 |
| **2026-04-12** | **4,440** | **4,312** | **22** | **106** | **0** |
**Change vs yesterday**: +153 total (+3.6%)
**Improvements since yesterday**:
- ✅ shellcheck: 24 → 0 (resolved)
- ✅ artipacked: 2 → 0 (resolved)
**Regressions since yesterday**:
- ⚠️ secrets-outside-env: 4,027 → 4,206 (+179, likely new workflows added)
**Long-term trend**: Significant reduction from the 9,757 peak on 2026-04-03. The large drop in actionlint (4,929 on 2026-04-03 to 306 on 2026-04-10, and 106 today) reflects a schema/compilation fix deployed around 2026-04-10.
### Recommendations
1. **Immediate**: Fix the `github-env` High severity finding in `dev-hawk` (use the fix prompt above)
2. **Short-term**: Add `# poutine:ignore untrusted_checkout_exec` to the remaining un-suppressed findings in `smoke-workflow-call` and `smoke-workflow-call-with-inputs` if they are intentional test behaviors
3. **Monitor**: Track the +179 increase in `secrets-outside-env` findings — likely from newly added workflows, but confirm no accidental secret expansion
4. **Long-term**: Investigate actionlint's `copilot-requests` permission scope warning; consider adding an actionlint config override if this is a deliberate non-standard permission
### Next Steps
- [ ] Apply `github-env` fix in `dev-hawk.md`
- [ ] Review `smoke-workflow-call` and `smoke-workflow-call-with-inputs` for poutine suppression
- [ ] Confirm `secrets-outside-env` +179 increase is from new workflows (not a security regression)
- [ ] Verify `copilot-requests` permission is intentional and update actionlint config if needed
**References:**
- [§24314776288](https://github.com/github/gh-aw/actions/runs/24314776288) — Current run
- [§24290033455](https://github.com/github/gh-aw/actions/runs/24290033455) — Previous run (2026-04-11)
- [§24260816813](https://github.com/github/gh-aw/actions/runs/24260816813) — 2026-04-10
> Generated by [Static Analysis Report](https://github.com/github/gh-aw/actions/runs/24314776288/agentic_workflow) · ● 371K · [◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw+is%3Aissue+%22gh-aw-workflow-call-id%3A+github%2Fgh-aw%2Fstatic-analysis-report%22&type=issues)
> - [x] expires <!-- gh-aw-expires: 2026-04-19T19:47:36.903Z --> on Apr 19, 2026, 7:47 PM UTC
<!-- gh-aw-agentic-workflow: Static Analysis Report, engine: claude, model: auto, id: 24314776288, workflow_id: static-analysis-report, run: https://github.com/github/gh-aw/actions/runs/24314776288 -->
<!-- gh-aw-workflow-id: static-analysis-report -->
<!-- gh-aw-workflow-call-id: github/gh-aw/static-analysis-report -->
### Analysis Summary
Static analysis scan completed on 2026-04-12 across all agentic workflows in github/gh-aw.
#### Findings by Tool
#### Clustered Findings by Tool and Type
**Zizmor Security Findings**
**Poutine Supply Chain Findings**
**Actionlint Linting Issues**: `copilot-requests` scope
**Runner-Guard Taint Analysis**: Runner-Guard Score: N/A — 0 findings detected. No source-to-sink vulnerabilities found this run.
### Top Priority Issues
1. **`github-env` — Dangerous Environment File Usage (High)**. `dev-hawk` (line 1323 in compiled YAML): a `run:` step writes to `$GITHUB_ENV` in a way zizmor flags as potentially unsafe. If the value derives from attacker-influenced input, it enables environment variable injection across subsequent steps.
2. **`untrusted_checkout_exec` — Arbitrary Code from Checkout (poutine error)**. `smoke-workflow-call`, `smoke-workflow-call-with-inputs`: `bash` execution on code from a checked-out repo (not ignored via `# poutine:ignore`). These are likely test workflows where this is acceptable, but the findings remain.
3. **`copilot-requests: write` — Unknown Permission Scope (actionlint error)**. `copilot-requests` is not a recognized GitHub Actions permission scope in actionlint's schema. This is likely a newer/custom permission not yet in actionlint's built-in list.
### Fix Suggestion for `github-env` (High Severity)
**Issue**: Dangerous use of `$GITHUB_ENV` environment file
**Severity**: High
**Affected Workflows**: 1 (`dev-hawk`)
**Prompt to Copilot Agent**: the prompt with Option A appears at the top of this page; its second option follows.
Option B: Use step output instead of `$GITHUB_ENV`
Then reference it in subsequent steps as `${{ steps.ghes-host-config.outputs.gh_host }}`.
Please apply the appropriate fix to `.github/workflows/dev-hawk.md`.
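The newline injection that the `github-env` rule guards against, together with both fixes from the prompt (Option A, a validated write to `$GITHUB_ENV`; Option B, the same validated value written as a step output), as an added example that is not code from the gh-aw report, from zizmor or from the `dev-hawk` workflow. It drives the writer functions against a temporary file instead of the real `$GITHUB_ENV`; the injected value, the function names and the `--demo` flag are assumptions made for illustration:

```bash
#!/usr/bin/env bash
# Added example, not code from the gh-aw report or from zizmor. The runner reads
# $GITHUB_ENV and $GITHUB_OUTPUT as one KEY=VALUE line each (or KEY<<DELIM ... DELIM
# for multi-line values), so an embedded newline smuggles extra pairs into every
# later step. The environment file is a temp file here; the attacker value is
# constructed.
set -u

# Constructed input: a server URL with a smuggled second line. In the flagged step
# the source is $GITHUB_SERVER_URL, which the runner sets; this is what an
# attacker-influenced source would look like.
CONSTRUCTED_INJECTION="https://github.com
GH_TOKEN=attacker-controlled"

# Unsafe writer: the pattern zizmor flags. Scheme stripped, value appended verbatim.
write_unsafe() {            # write_unsafe <env-file> <key> <raw-url>
  local host
  host=$(printf '%s' "$3" | sed 's|https://||')
  printf '%s=%s\n' "$2" "$host" >> "$1"
}

# Option A: strip CR/LF, then accept only hostname characters. The same function
# serves Option B; only the target file ($GITHUB_OUTPUT) and key differ.
# Fails closed: returns 1 and writes nothing on a bad value.
write_validated() {         # write_validated <env-or-output-file> <key> <raw-url>
  local host
  host=$(printf '%s' "$3" | sed 's|https://||' | tr -d '\n\r')
  # tr alone would only glue the smuggled line onto the host; the allowlist is
  # what actually rejects it (add ':' if your GHES uses a non-default port).
  if ! printf '%s' "$host" | grep -Eq '^[a-zA-Z0-9._-]+$'; then
    echo "::error::Unexpected host value: $host" >&2
    return 1
  fi
  printf '%s=%s\n' "$2" "$host" >> "$1"
}

# For values that legitimately contain newlines: the heredoc form with a random
# delimiter, so the value cannot terminate the block early and start a new key.
write_multiline() {         # write_multiline <env-file> <key> <value>
  local delim
  delim="ghadelimiter_$(head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n')"
  case "$3" in *"$delim"*) return 1 ;; esac   # practically impossible; fail closed
  printf '%s<<%s\n%s\n%s\n' "$2" "$delim" "$3" "$delim" >> "$1"
}

# Simulates the runner's import: which variables would later steps see?
list_env_keys() {           # list_env_keys <env-file>  -> one key per line
  grep -E '^[A-Za-z_][A-Za-z0-9_]*=' "$1" | cut -d= -f1
}

if [ "${1:-}" = "--demo" ]; then
  f=$(mktemp)
  write_unsafe "$f" GH_HOST "$CONSTRUCTED_INJECTION"
  echo "unsafe writer imported: $(list_env_keys "$f" | tr '\n' ' ')"
  : > "$f"
  write_validated "$f" GH_HOST "$CONSTRUCTED_INJECTION" || echo "validated writer rejected the value"
  write_validated "$f" gh_host "https://github.com" && echo "validated writer wrote: $(cat "$f")"
  rm -f "$f"
fi
```

Run it with `bash env-file-demo.sh --demo`: the unsafe writer leaves both `GH_HOST` and the smuggled `GH_TOKEN` for later steps to inherit, while the validated writer rejects the value outright. For Option B the step would call the validated writer with `"$GITHUB_OUTPUT"` and key `gh_host`, and a later step reads `${{ steps.ghes-host-config.outputs.gh_host }}`; the output file has the same line format, so the validation is needed there too.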