Severity
P2
Category
infra-ci
Location
.github/workflows/cla.yml:19
Evidence
uses: contributor-assistant/github-action@v2.6.1
Description
The CLA workflow is triggered by pull_request_target and by comment events, and it calls an external action at a version tag rather than a commit SHA. Because this context carries repository write privileges, a crafted comment or PR event can drive execution in a higher-trust runtime than expected. This is a common privilege-escalation pattern when combined with broad permissions. Pin the action to a commit SHA and narrow triggers/approvals before running write-capable steps.
Impact
Untrusted PR activity can trigger workflow logic under elevated context, potentially enabling workflow abuse or action supply-chain compromise.
Recommendation
Use pull_request scoped logic for untrusted input, enforce trusted actor checks for comment triggers, and pin third-party actions to immutable SHAs while minimizing workflow permissions.
Auto-filed by Codex audit run codex-audit-spark-2026-05-15 (mattyopon/faultray)
Audit model: gpt-5.3-codex-spark (Spark 2nd-pass, 2026-05-15)