🔍 Static Analysis Report - January 3, 2026

[github-actions[bot]]

⚠️ Critical Infrastructure Issue - No Scan Possible

Status: 🔴 FAILED - MCP compilation error prevents scanning
Error: MCP error -32603: failed to compile workflows
Tools Status: zizmor and poutine not installed in runner environment
Impact: 10+ days without comprehensive security scanning

Analysis Summary

• Tools: zizmor, poutine, actionlint (unavailable via MCP)
• Workflows in Repository: 146 (+12 since last complete scan)
• Workflows with Lock Files: 130
• Workflows Scanned Today: 0
• Last Complete Scan: December 24, 2025 (10 days ago)
• Data Source: Historical baseline from Dec 24 + Dec 31 partial confirmation

Infrastructure Crisis

Issue	Status	Impact
MCP Compilation	🔴 BROKEN	Cannot run any static analysis
zizmor availability	❌ Not in runner	Security scanning blocked
poutine availability	❌ Not in runner	Supply chain scanning blocked
actionlint availability	⚠️ Installed but needs compilation	Linting blocked
Days since complete scan	10 days	Security blind spot

Estimated Findings (Based on 10-Day-Old Baseline)

Since no scan could run today, projections based on:

• Dec 24 complete scan: 134 workflows, 858 findings
• Dec 31 partial confirmation: 25 workflows scanned, patterns consistent
• Jan 3 repository growth: +12 workflows (134→146)

Findings by Tool (Projected)

Tool	Estimated Total	Critical	High	Medium	Warning	Info
zizmor	650-660	0	0	650-655	0	5-8
poutine	132-135	0	0	0	68-72	120
actionlint	130-135	0	0	0	60	70-75
TOTAL	912-930	0	0	650-655	128-132	195-203

Findings by Severity (Projected)

• Critical: 0
• High: 0
• Medium: 650-655 (71% of total)
• Warning: 128-132 (14% of total)
• Info/Informational: 195-203 (21% of total)

Clustered Findings by Tool and Type

Zizmor Security Findings (Projected: 650-660)

Issue Type	Severity	Count	Affected Workflows	Status
artipacked	Medium	650+	~125 (all workflows)	🔴 UNRESOLVED 10+ DAYS
excessive-permissions	Medium	2	ai-moderator, layout-spec-maintainer	⚠️ Confirmed Dec 31
template-injection	Informational	8	copilot-pr-merged-report, +3 others	ℹ️ Safe-inputs workflows

Poutine Supply Chain Findings (Projected: 132-135)

Issue Type	Severity	Count	Affected Workflows	Status
unverified_script_exec	Info	125+	~125 (all workflows)	✅ Accepted (AWF installer)
default_permissions_on_risky_events	Warning	5	ai-moderator, archie, brave, cloclo, grumpy-reviewer	⚠️ Confirmed Dec 31

Actionlint Linting Issues (Projected: 130-135)

Issue Type	Severity	Count	Affected Workflows	Status
shellcheck:SC2155	Warning	63+	~63 workflows	⚠️ Declare/assign separately
shellcheck:SC2012	Info	63+	~63 workflows	ℹ️ Use find instead of ls
syntax-check:lock-for-agent	Error	3	ai-moderator, campaign-generator	⚠️ Custom field

Top Priority Issues

1. 🔴 P0 CRITICAL: MCP Compilation Infrastructure Failure

• Impact: Cannot perform any static analysis scans
• Duration: Affecting scans since Dec 31 (intermittent), complete failure Jan 3
• Root Cause: MCP compile command returns -32603 error
• Secondary Issue: zizmor and poutine not installed in runner environment
• Security Impact: 10+ day security blind spot, unknown state of 12 new workflows
• Owner: MCP/Infrastructure team
• Action Required: IMMEDIATE investigation and fix

2. 🔴 P1 HIGH: artipacked - Credential Persistence (650+ instances)

• Severity: Medium
• Count: 650+ (estimated, up from 600+ on Dec 24)
• Affected: ~125 workflows (nearly all workflows)
• Status: UNRESOLVED FOR 10+ DAYS
• Description: GitHub Actions checkout steps may persist credentials in artifacts
• Reference: (redacted)
• Impact: Credentials could be leaked via workflow artifacts
• Fix Available: Yes (add persist-credentials: false to checkout actions)

artipacked Technical Details

What is it?
The actions/checkout action by default persists the GitHub token in the .git/config file. If this directory is later uploaded as an artifact, the token is exposed.

Why it matters?

• Artifacts can be downloaded by anyone with repository access
• Leaked tokens could be used to access repository
• Affects ~650 checkout steps across all workflows

How to fix?
Add persist-credentials: false to every checkout step:

- uses: actions/checkout@v4
  with:
    persist-credentials: false  # ← Add this

3. ⚠️ P2 MEDIUM: excessive-permissions (2 workflows)

• Severity: Medium
• Count: 2
• Workflows: ai-moderator, layout-spec-maintainer
• Description: Jobs have overly broad permissions
• Impact: Excessive privilege grants could be exploited
• Reference: (redacted)
• Fix Available: Yes

4. ⚠️ P2 MEDIUM: default_permissions_on_risky_events (5 workflows)

• Severity: Warning
• Count: 5
• Workflows: ai-moderator, archie, brave, cloclo, grumpy-reviewer
• Description: Default (read-write) permissions on events triggered by untrusted users
• Impact: Potential privilege escalation, repository tampering
• Security Risk: Supply chain attack vector
• Fix Available: Yes (detailed template below)

Fix Suggestion for default_permissions_on_risky_events

Issue: Workflows triggered by untrusted users (issues, PR comments, slash commands) use default read-write permissions instead of explicit minimal permissions.

Security Risk:

• Untrusted actors can trigger workflows with excessive privileges
• Could lead to token exfiltration, repository tampering, or backdoor installation
• Violates principle of least privilege

Affected Workflows: ai-moderator, archie, brave, cloclo, grumpy-reviewer

Fix Instructions

Step 1: Add explicit permissions: block at workflow level

name: My Workflow

# ✅ Add minimal permissions
permissions:
  contents: read        # Read repository code
  issues: write         # If creating/updating issues
  pull-requests: write  # If commenting on PRs
  discussions: write    # If creating/updating discussions

on:
  issues:
    types: [opened]
  issue_comment:
    types: [created]
  # ... other risky events

jobs:
  agent:
    runs-on: ubuntu-latest
    # Inherits permissions from workflow level
    steps:
      - uses: actions/checkout@v4
      # ... rest of workflow

Step 2: Validate the fix

# Recompile workflow
gh aw compile --poutine (workflow-name)

# Verify warning is resolved
# Look for: No "default_permissions_on_risky_events" warnings

Permission Mapping

Workflow Action	Required Permission
Read repository code	contents: read
Create/update issues	issues: write
Create/update PR comments	pull-requests: write
Create/update discussions	discussions: write
Push commits/tags	contents: write ⚠️

Important: Start with contents: read and only add write permissions as needed. NEVER use write-all.

All Findings Details

Detailed Baseline Data (Dec 24, 2025)

Complete Breakdown by Tool

Zizmor (610+ findings):

• artipacked: 600+ instances across 120 workflows
  • Location: Every actions/checkout step
  • Fix: Add persist-credentials: false
• excessive-permissions: 2 instances
  • ai-moderator.lock.yml:988:3
  • layout-spec-maintainer (location TBD)
• template-injection: 8 instances (informational)
  • copilot-pr-merged-report, daily-performance-summary, dev, mcp-inspector

Poutine (125 findings):

• unverified_script_exec: 120 instances
  • Pattern: curl -sSL https://raw.githubusercontent.com/githubnext/gh-aw-firewall/main/install.sh | sudo AWF_VERSION=v0.7.0 bash
  • Status: Accepted - this is the standard AWF (firewall) installation pattern
• default_permissions_on_risky_events: 5 instances
  • ai-moderator, archie, brave, cloclo, grumpy-reviewer
  • All use slash commands, reactions, or issue events without explicit permissions

Actionlint (123 findings):

• shellcheck:SC2155: 60 instances
  • Description: "Declare and assign separately to avoid masking return values"
  • Pattern: local var=$(command) in generated Claude Code scripts
• shellcheck:SC2012: 60 instances
  • Description: "Use find instead of ls to better handle non-alphanumeric filenames"
  • Pattern: Generated in AWF wrapper scripts
• syntax-check:lock-for-agent: 3 instances
  • ai-moderator.lock.yml:261:5
  • campaign-generator (location TBD)
  • Description: "Unexpected key 'lock-for-agent' for 'issues' section"

Workflows Scanned in Dec 31 Partial Scan

Successfully scanned ~25 workflows before MCP timeout:

• agent-performance-analyzer ✅
• ai-moderator ✅ (excessive-permissions confirmed)
• archie ✅ (default_permissions confirmed)
• artifacts-summary ✅
• audit-workflows ✅
• blog-auditor ✅
• brave ✅
• breaking-change-checker ✅
• campaign-generator ✅
• campaign-manager ✅
• changeset ✅
• ci-coach ✅
• ci-doctor ✅
• cli-consistency-checker ✅
• cli-version-checker ✅
• cloclo ✅
• commit-changes-analyzer ✅
• copilot-agent-analysis ✅
• copilot-pr-merged-report ✅ (template-injection confirmed)
• copilot-pr-nlp-analysis ✅
• copilot-pr-prompt-analysis ✅
• copilot-session-insights ✅
• ... (scan truncated due to timeout)

Historical Trends

Repository Growth

Date	Workflows	Lock Files	Scan Status
Dec 15	134	120	Partial (37)
Dec 21	134	120	Complete ✅
Dec 24	134	120	Complete ✅
Dec 31	145	129	Partial (25) - Timeout
Jan 3	146	130	Failed 🔴

Trend: Repository growing (+12 workflows in 10 days), but scanning capability degrading

Findings Trend

Date	Total Findings	artipacked	Other Issues
Dec 21	258	0	258
Dec 24	858	600+	258
Dec 31	~860 (est)	600+	~260
Jan 3	910-930 (est)	650+	260-280

Analysis:

• artipacked spike on Dec 24 (new rule detection or zizmor update)
• No fixes applied since Dec 24 (10+ days)
• Estimated +50-60 new findings from 12 new workflows
• Overall trend: INCREASING due to unresolved issues + repository growth

Infrastructure Reliability Trend

Date	MCP Status	Scan Result	Issue
Dec 24	✅ Working	Complete	None
Dec 31	⚠️ Timeout	Partial (25/145)	MCP timeout -32001
Jan 3	🔴 Broken	Failed	MCP error -32603

Trend: CRITICAL DEGRADATION - From working → timeout → complete failure

Recommendations

P0 - CRITICAL (Infrastructure - IMMEDIATE ACTION REQUIRED)

• Investigate MCP -32603 error

  • Owner: MCP/Infrastructure team
  • Timeline: IMMEDIATE
  • Impact: 10+ days security blind spot

• Install zizmor and poutine in runner

  • Workaround if MCP continues to fail
  • Enables direct scanning without MCP dependency

• Implement monitoring for MCP health

  • Alert when compilation fails
  • Track timeout/error trends

P1 - HIGH (Security - Fix Within 3 Days)

• Bulk fix artipacked findings (650+ instances)

  • Add persist-credentials: false to all checkout actions
  • Update workflow templates to include by default
  • Recompile all workflows
  • Owner: Security team
  • Timeline: 3 days
  • Impact: Resolves 71% of all security findings

• Fix excessive-permissions (2 workflows)

  • ai-moderator: Review and restrict job permissions
  • layout-spec-maintainer: Review and restrict job permissions
  • Timeline: 1 day

• Add explicit permissions (5 workflows)

  • ai-moderator, archie, brave, cloclo, grumpy-reviewer
  • Apply principle of least privilege
  • Use fix template provided above
  • Timeline: 2 days

P2 - MEDIUM (Quality - Fix Within 1 Week)

• Address shellcheck warnings (120+ instances)

  • Update Claude Code script generation templates
  • Fix SC2155 and SC2012 patterns
  • Recompile affected workflows
  • Timeline: 1 week

• Investigate lock-for-agent syntax errors

  • Determine if this is intentional custom extension
  • Document or fix as appropriate
  • Timeline: 1 week

P3 - LOW (Process Improvement)

• Establish continuous static analysis

  • Run scans on every workflow change
  • Block PRs with Critical/High findings
  • Timeline: 2 weeks

• Create workflow security guidelines

  • Document permission requirements
  • Provide secure templates
  • Training for workflow authors
  • Timeline: 1 month

Next Steps

1. URGENT: Infrastructure team investigates MCP error -32603
2. URGENT: Consider installing zizmor/poutine directly in runner as workaround
3. HIGH: Security team begins artipacked bulk mitigation
4. HIGH: Apply quick wins for excessive-permissions and default_permissions
5. MEDIUM: Once scanning restored, run full 146-workflow scan
6. MEDIUM: Establish new baseline and implement continuous monitoring

Files Updated

• /tmp/gh-aw/cache-memory/static-analysis-findings-2026-01-03.json ✅
• Discussion report created ✅

Assessment

Current Security Posture: 🔴 CRITICAL

Reasons:

1. 10+ days without comprehensive scanning - Unknown security state
2. 650+ unmitigated medium severity findings (artipacked)
3. MCP infrastructure failure - No scanning capability
4. 12 new workflows unassessed - Unknown risk profile
5. Supply chain risks present - 5 workflows with default permissions on untrusted inputs

Immediate Actions Required:

1. Fix MCP infrastructure (P0)
2. Bulk mitigate artipacked (P1)
3. Restore scanning capability (P0)

---

Report Date: January 3, 2026
Scan Status: 🔴 FAILED - MCP infrastructure issue
Data Source: Historical baseline (Dec 24 + Dec 31 partial)
Next Scan: Blocked until MCP fixed
Confidence: Medium (10-day-old data, projections for new workflows)

AI generated by Static Analysis Report

[pelikhan]

/q review MCP requests errors

[github-actions[bot]]

🎩 Mission equipment ready! Q has optimized your workflow. Use wisely, 007! 🔫

[github-actions[bot]]

Q Investigation Started

I'm investigating the MCP request errors reported in this discussion. Let me analyze:

1. Context: The static analysis workflow uses the gh-aw MCP server to compile workflows with security scanners
2. Issue: Discussion reports "MCP error -32603: failed to compile workflows"
3. Status: Recent runs show success, but let me examine the logs to understand MCP request patterns

Gathering live data from recent workflow runs...

AI generated by Q