π¨ Runner-Guard Security Finding
Rule: RGS-018 β Suspicious Payload Execution Pattern
Severity: High
Files: 35 workflows affected (37 total findings)
Example File: .github/workflows/prompt-clustering-analysis.lock.yml:452
Description
A workflow run: block contains code patterns associated with obfuscated payload execution or known indicators of compromise (IOCs) from active supply chain attack campaigns. This includes eval+decode chains (e.g., eval(base64.b64decode(...)), base64 --decode | bash), known malware marker variables, persistence file paths, and C2 communication patterns.
These patterns are loaded from Runner Guard's threat signature database. A match against a known IOC indicates active compromise; a match against a dangerous execution pattern indicates susceptibility to this class of supply chain attack.
Impact
If these patterns represent actual obfuscated or encoded execution (e.g., base64 | bash pipelines), attackers could be executing hidden payloads within CI runners. This could lead to:
- Secret exfiltration
- Persistence on runners
- Supply chain compromise affecting downstream consumers
- Lateral movement through credentials available in CI
Affected Workflows (35 workflows, sample)
prompt-clustering-analysis.lock.yml (line 452)smoke-crush.lock.yml (line 709)daily-sentrux-report.lock.yml (line 407)scout.lock.yml (line 507)smoke-gemini.lock.yml (line 750)api-consumption-report.lock.yml, audit-workflows.lock.yml, changeset.lock.yml, ci-coach.lock.yml, cli-version-checker.lock.yml, cloclo.lock.yml, copilot-agent-analysis.lock.yml, copilot-opt.lock.yml, copilot-pr-merged-report.lock.yml, copilot-pr-nlp-analysis.lock.yml, copilot-pr-prompt-analysis.lock.yml, copilot-session-insights.lock.yml, copilot-setup-steps.yml, daily-cli-performance.lock.yml, daily-issues-report.lock.yml, daily-news.lock.yml, daily-safe-output-optimizer.lock.yml, deep-report.lock.yml, discussion-task-miner.lock.yml, go-logger.lock.yml, issue-arborist.lock.yml, org-health-report.lock.yml, safe-output-health.lock.yml, smoke-claude.lock.yml, smoke-codex.lock.yml, smoke-copilot-arm.lock.yml, smoke-copilot.lock.yml, smoke-opencode.lock.yml, smoke-pi.lock.yml, stale-repo-identifier.lock.yml
Remediation
- Triage each finding: Review each flagged
run: block to determine if it contains legitimate base64 usage (e.g., encoding for API payloads) vs. obfuscated code execution.
- Eliminate
base64 | bash pipelines: Replace with direct script calls or verified action steps.
- Avoid eval patterns: Do not use
eval(base64.decode(...)) patterns in any CI step.
- Validate external scripts: Any external script fetched and executed should be pinned to a known hash.
- For confirmed-legitimate patterns, add
# runner-guard:ignore RGS-018 with justification.
- Increase monitoring: Enable runner process monitoring to detect unexpected child processes.
Detected by runner-guard v2.6.0 β CI/CD source-to-sink vulnerability scanner
Workflow run: https://github.com/github/gh-aw/actions/runs/25478184229
Generated by Static Analysis Report Β· β 455.3K Β· β·
π¨ Runner-Guard Security Finding
Rule: RGS-018 β Suspicious Payload Execution Pattern
Severity: High
Files: 35 workflows affected (37 total findings)
Example File:
.github/workflows/prompt-clustering-analysis.lock.yml:452Description
A workflow
run:block contains code patterns associated with obfuscated payload execution or known indicators of compromise (IOCs) from active supply chain attack campaigns. This includes eval+decode chains (e.g.,eval(base64.b64decode(...)),base64 --decode | bash), known malware marker variables, persistence file paths, and C2 communication patterns.These patterns are loaded from Runner Guard's threat signature database. A match against a known IOC indicates active compromise; a match against a dangerous execution pattern indicates susceptibility to this class of supply chain attack.
Impact
If these patterns represent actual obfuscated or encoded execution (e.g.,
base64 | bashpipelines), attackers could be executing hidden payloads within CI runners. This could lead to:Affected Workflows (35 workflows, sample)
prompt-clustering-analysis.lock.yml(line 452)smoke-crush.lock.yml(line 709)daily-sentrux-report.lock.yml(line 407)scout.lock.yml(line 507)smoke-gemini.lock.yml(line 750)api-consumption-report.lock.yml,audit-workflows.lock.yml,changeset.lock.yml,ci-coach.lock.yml,cli-version-checker.lock.yml,cloclo.lock.yml,copilot-agent-analysis.lock.yml,copilot-opt.lock.yml,copilot-pr-merged-report.lock.yml,copilot-pr-nlp-analysis.lock.yml,copilot-pr-prompt-analysis.lock.yml,copilot-session-insights.lock.yml,copilot-setup-steps.yml,daily-cli-performance.lock.yml,daily-issues-report.lock.yml,daily-news.lock.yml,daily-safe-output-optimizer.lock.yml,deep-report.lock.yml,discussion-task-miner.lock.yml,go-logger.lock.yml,issue-arborist.lock.yml,org-health-report.lock.yml,safe-output-health.lock.yml,smoke-claude.lock.yml,smoke-codex.lock.yml,smoke-copilot-arm.lock.yml,smoke-copilot.lock.yml,smoke-opencode.lock.yml,smoke-pi.lock.yml,stale-repo-identifier.lock.ymlRemediation
run:block to determine if it contains legitimate base64 usage (e.g., encoding for API payloads) vs. obfuscated code execution.base64 | bashpipelines: Replace with direct script calls or verified action steps.eval(base64.decode(...))patterns in any CI step.# runner-guard:ignore RGS-018with justification.Detected by runner-guard v2.6.0 β CI/CD source-to-sink vulnerability scanner
Workflow run: https://github.com/github/gh-aw/actions/runs/25478184229