Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
- stillrivercode/idk/.github/workflows/ai-orchestrator.yml
Vulnerability:
- In job 'analyze-issue', step 'Post analysis comment', the LLM response '${{ steps.ai_analysis.outputs.analysis }}' is spliced into the run shell, allowing command injection; upstream LLM step 'Analyze with AI' is prompted with attacker-controlled issue title and body. It is better to set ${{ steps.ai_analysis.outputs.analysis }} as an environment variable and use it in the shell command to avoid command injection risks.
- In job 'analyze-issue', step 'Auto-label based on analysis', the LLM response '${{ steps.ai_analysis.outputs.analysis }}' is spliced into the run shell, allowing command injection; upstream LLM step 'Analyze with AI' is prompted with attacker-controlled issue title and body. It is better to set ${{ steps.ai_analysis.outputs.analysis }} as an environment variable and use it in the shell command to avoid command injection risks.
- In job 'validate-commands', step 'Post validation comment', the LLM response '${{ steps.ai_validation.outputs.validation }}' is spliced into the run shell, allowing command injection; upstream LLM step 'Validate changes with AI' is prompted with attacker-controlled PR diff content.
- In job 'validate-commands', step 'Add validation labels', the LLM response '${{ steps.ai_validation.outputs.validation }}' is spliced into the run shell, allowing command injection; upstream LLM step 'Validate changes with AI' is prompted with attacker-controlled PR diff content.
Thank you for your time and for maintaining this project.
Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
Vulnerability:
Thank you for your time and for maintaining this project.