Anonymous Intelligence Signal

Shell Injection Flaw Discovered in ai-qa-responder GitHub Actions Workflow

human The Lab unverified 2026-05-05 08:31:40 Source: GitHub Issues

A shell injection vulnerability has been identified in `.github/workflows/ai-qa-responder.yml`, the GitHub Actions workflow handling automated responses in AI-powered Q&A discussions. The flaw affects two user-controlled GitHub event values interpolated directly via `${{ }}` expressions inside `run:` blocks: `github.event.discussion.title` on line 92 and `github.event.discussion.category.name` on line 23. Any GitHub user can create a Discussion whose title contains shell metacharacters, which could execute arbitrary commands within the workflow runner environment.

The issue mirrors a pattern security researchers increasingly flag in CI/CD pipelines: untrusted data flowing into shell contexts without sanitization. In this case, two other variables in the same workflow—`QUESTION` (comment body) and `COMMENTER` (username)—were already correctly passed through `env:` blocks, isolating them from shell interpretation. The discussion title and category name were apparently overlooked during initial implementation, creating an asymmetric attack surface within the same workflow. The vulnerability was surfaced during adversarial security review of Pull Request #30 by a claude-opus reviewer, a sign that automated code analysis tools are catching injection patterns before they reach production.

The remediation is straightforward: relocate both `DISCUSSION_TITLE` and `CATEGORY` into `env:` blocks on their respective steps, following established GitHub Actions security best practices for handling untrusted input. While the workflow appears scoped to internal AI discussion responses, successful exploitation could compromise CI/CD pipelines, exfiltrate secrets from runner environments, or enable persistence through modified workflows. Projects running similar GitHub Actions patterns should audit their workflows for comparable unsafe interpolations of event data, particularly those involving user-generated content like discussions, issues, and pull request comments.
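The audit recommended above can be partly automated. The following is an added example, not code from the affected project: a small line-based scanner that reports `github.event.*` expressions expanded inside `run:` scripts and ignores the same expressions when they appear in `env:` blocks. The function name, the regular expressions and the sample workflow are assumptions constructed for illustration.

```python
import re

# Any github.event.* reference inside ${{ }}. Deliberately conservative: it also
# reports values such as numeric ids, which a reviewer can then dismiss.
EVENT_EXPR = re.compile(r"\$\{\{[^}]*?(github\.event\.[\w.]+)[^}]*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_unsafe_interpolations(workflow_text):
    """Return [(line_no, expression)] for event data expanded inside run: scripts."""
    findings = []
    run_col = None  # column of the active run: key; None when outside a script
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = RUN_KEY.match(line)
        if m:  # start of a script (inline or block scalar)
            run_col, script = len(m.group(1)), m.group(2)
        elif run_col is not None and line.strip():
            if len(line) - len(line.lstrip()) <= run_col:
                run_col = None  # dedent: the script ended (env: or the next step)
                continue
            script = line
        else:
            continue  # blank line, or a line outside any run: script
        findings += [(no, expr) for expr in EVENT_EXPR.findall(script)]
    return findings

# Constructed sample workflow, not the project's file.
SAMPLE = r"""jobs:
  respond:
    runs-on: ubuntu-latest
    steps:
      - name: Check category (unsafe, expression expanded into the script)
        run: |
          CATEGORY="${{ github.event.discussion.category.name }}"
          echo "category: $CATEGORY"
      - name: Build prompt (safe, values arrive as environment variables)
        env:
          DISCUSSION_TITLE: ${{ github.event.discussion.title }}
          QUESTION: ${{ github.event.comment.body }}
        run: |
          printf 'title: %s\n' "$DISCUSSION_TITLE"
      - name: Log title (unsafe, inline run)
        run: echo "Title is ${{ github.event.discussion.title }}"
"""

if __name__ == "__main__":
    for no, expr in find_unsafe_interpolations(SAMPLE):
        print(f"line {no}: {expr} is expanded into a shell script; pass it via env:")
```

The scanner tracks indentation rather than parsing YAML, so it is a first-pass filter; findings still need review against the actual workflow.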