feat(#989): add GHA workflow command injection to review security dimensions #2035
Site preview
Preview: https://8105748f-site.fullsend-ai.workers.dev
🤖 Review · Started 6:01 PM UTC
Review Findings Low
Previous run Review Findings Low
Info
🤖 Finished Review · ✅ Success · Started 6:01 PM UTC · Completed 6:08 PM UTC
/fs-fix
🤖 Fix · Started 6:48 PM UTC
…#2035)
- Add deprecation parentheticals for ::set-output:: and ::set-env:: in both code-review SKILL.md and security sub-agent, noting they remain active when ACTIONS_ALLOW_UNSECURE_COMMANDS=true
- Add GHA workflow command injection to the summary injection bullet in SKILL.md for consistency with security.md
Addresses review feedback on #2035
🔧 Fix agent — iteration 1 (human-triggered)
Addressed 2 of 4 review findings. Added deprecation notes for ::set-output:: and ::set-env:: in both files, and added GHA injection to the summary bullet in SKILL.md. Noted disagreement on 2 [info]-level observations that were informational, not actionable.
Fixed (2):
Disagreed (2):
Tests: passed
Updated by fullsend fix agent
🤖 Finished Fix · ✅ Success · Started 6:48 PM UTC · Completed 6:53 PM UTC
🤖 Review · Started 6:54 PM UTC
…ensions
The review agent's security checklist listed generic injection types (SQL, command, LDAP, path traversal) but omitted GitHub Actions workflow command injection. This caused a false safety assertion on PR #764 where unsanitized variables in ::error title=...:: were missed. GHA workflow command injection is a distinct attack class where unsanitized values in ::error::, ::warning::, ::set-output::, etc. can inject arbitrary workflow commands.
Updated two files to cover this gap:
- code-review SKILL.md: Added GHA workflow command injection to the Security dimension's injection checklist with specific commands to audit, escape sequences to check, and a verification instruction requiring all interpolated variables to be checked individually.
- pr-review security sub-agent: Added GHA workflow command injection to the owned injection types and added a dedicated paragraph with the same audit guidance.
Note: make lint could not run due to Go module cache permission errors in the sandbox (infrastructure issue, not code-related). Changes are markdown-only and do not affect Go compilation.
Closes #989
7a9a1cb to ff65fee
🤖 Finished Review · ✅ Success · Started 6:56 PM UTC · Completed 7:03 PM UTC
🤖 Retro · Started 7:14 PM UTC
Retro: PR #2035 — Add GHA workflow command injection to review security dimensions
Overall: This workflow executed well. The full pipeline (code → review → fix → re-review → merge) completed in ~1h15m with a single human intervention (
Timeline
Observations
Proposals filed
🤖 Finished Retro · ✅ Success · Started 7:14 PM UTC · Completed 7:20 PM UTC
The review agent's security checklist listed generic injection types (SQL, command, LDAP, path traversal) but omitted GitHub Actions workflow command injection. This caused a false safety assertion on PR #764 where unsanitized variables in ::error title=...:: were missed. GHA workflow command injection is a distinct attack class where unsanitized values in ::error::, ::warning::, ::set-output::, etc. can inject arbitrary workflow commands.
Updated two files to cover this gap:
- code-review SKILL.md: Added GHA workflow command injection to the Security dimension's injection checklist with specific commands to audit, escape sequences to check, and a verification instruction requiring all interpolated variables to be checked individually.
- pr-review security sub-agent: Added GHA workflow command injection to the owned injection types and added a dedicated paragraph with the same audit guidance.
Note: make lint could not run due to Go module cache permission errors in the sandbox (infrastructure issue, not code-related). Changes are markdown-only and do not affect Go compilation.
Closes #989
Post-script verification
agent/989-add-gha-injection-security-dim)e83e1db71bb99552ceab7e5c02e92cc86c4b0148..HEAD)
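An added example, not part of this PR or the project's code: the check the description asks reviewers to make, shown as an unescaped `::error title=...::` emitter beside one that applies the percent-encoding GitHub's actions/toolkit uses for command properties and data. The function names, the sample values and the simplified `commandsIn` model of runner parsing are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Replacers are single-pass, so the '%' written by one rule is never re-escaped.
var (
	dataEsc = strings.NewReplacer("%", "%25", "\r", "%0D", "\n", "%0A")
	propEsc = strings.NewReplacer("%", "%25", "\r", "%0D", "\n", "%0A", ":", "%3A", ",", "%2C")
)

// unsafeError interpolates both values verbatim (the pattern to flag in review).
func unsafeError(title, msg string) string {
	return "::error title=" + title + "::" + msg
}

// safeError escapes the property value and the message separately.
func safeError(title, msg string) string {
	return fmt.Sprintf("::error title=%s::%s", propEsc.Replace(title), dataEsc.Replace(msg))
}

// commandsIn is a simplified model (assumption) of runner parsing: each log
// line that starts with "::" is a command, named up to the first space or "::".
func commandsIn(output string) []string {
	var names []string
	for _, line := range strings.Split(output, "\n") {
		line = strings.TrimSpace(line)
		if !strings.HasPrefix(line, "::") {
			continue
		}
		head, _, ok := strings.Cut(line[2:], "::")
		if !ok {
			continue
		}
		if name, _, _ := strings.Cut(head, " "); name != "" {
			names = append(names, name)
		}
	}
	return names
}

func main() {
	// Constructed sample values standing in for untrusted input.
	title, msg := "CI: lint", "check failed\n::set-output name=approved::true"
	fmt.Println(commandsIn(unsafeError(title, msg))) // [error set-output]
	fmt.Println(commandsIn(safeError(title, msg)))   // [error]
}
```

Property values need the extra `:` and `,` rules because those characters delimit the property list, which is why each interpolated variable has to be checked against the position it lands in.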