ci: Try to auto-fix flaky test issues #20793
adjusted this a bit and introduced prompt injection checker from triage-issue here as well.
| id: triage | ||
| uses: anthropics/claude-code-action@v1 | ||
| with: | ||
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} |
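Review bot: the uses: line references anthropics/claude-code-action by the tag v1 rather than by commit, and the same step receives secrets.ANTHROPIC_API_KEY through with:. Pin the action to a full commit SHA and keep the tag as a trailing comment (for example "# v1") so the pinned version stays readable when the pin is later updated.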
Mutable third-party action ref runs with secrets and write token
The workflow pins anthropics/claude-code-action@v1 (a moving tag) in a job that exposes ANTHROPIC_API_KEY, a pull-requests: write GITHUB_TOKEN, and id-token: write. A compromise or retag of the upstream v1 tag would let attacker-controlled action code exfiltrate the Anthropic API key, open or modify pull requests under the repo's identity, and mint OIDC tokens. Pin third-party actions to a full 40-character commit SHA to remove the upstream tag-rewrite supply-chain path.
Verification
Read the workflow hunk; confirmed permissions block grants pull-requests: write and id-token: write and the step passes ANTHROPIC_API_KEY and GITHUB_TOKEN into a third-party action referenced by floating tag @v1. Checked references/github-workflows.md mutable-action table: third-party mutable ref with secrets/OIDC/non-trivial write token => medium.
Identified by Warden security-review · SZ3-4PD
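The check the review comment above asks for, as an added example (not code from this PR or from Warden): a stdlib-only Python scan that flags `uses:` references not pinned to a 40-character commit SHA and records whether the same step references `secrets.`. The sample workflow, the function names and the checkout SHA are constructed for illustration.

```python
import re

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
ITEM = re.compile(r"^\s*-\s")
FULL_SHA = re.compile(r"[0-9a-f]{40}")

# Constructed sample, not the PR's workflow file; only the step with
# `id: triage` mirrors the lines quoted in the review above.
SAMPLE_WORKFLOW = """\
jobs:
  fix:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - id: triage
        uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
      - uses: actions/setup-node@v4
"""

def indent_of(line):
    return len(line) - len(line.lstrip())

def step_block(lines, i):
    """Lines of the step containing line i; a '- ' item opens it, a dedent closes it."""
    start = i
    while start >= 0 and not ITEM.match(lines[start]):
        start -= 1
    if start < 0:  # no list item above: job-level `uses:` (reusable workflow)
        return [lines[i]]
    end = start + 1
    while end < len(lines) and not (
        lines[end].strip() and indent_of(lines[end]) <= indent_of(lines[start])
    ):
        end += 1
    # If the item found above closed before line i, line i is not inside a step.
    return lines[start:end] if end > i else [lines[i]]

def find_mutable_action_refs(workflow_text):
    """Return (line_no, action, ref, step_references_secrets) for each non-SHA `uses:`."""
    lines = workflow_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = USES.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        action, _, ref = m.group(1).partition("@")
        if FULL_SHA.fullmatch(ref):
            continue  # already pinned to a full commit SHA
        uses_secrets = any("secrets." in l for l in step_block(lines, i))
        findings.append((i + 1, action, ref, uses_secrets))
    return findings
```

Findings whose last field is `True` are the ones matching the review's concern: a mutable ref in a step that is handed a secret.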
This adds a workflow that tries to auto-fix a given issue. It is auto-run for flaky test issues.