Workflow shell footgun
This issue tracks a recurring review-feedback class from the EvalOps review feedback sentinel.
- Class: workflow-shell-footgun
- Score: 80
- Findings: 1
- Repos: evalops/deploy
- Generated at: 2026-05-14T07:22:57Z
- Window: merged since 2026-05-11 with minimum severity high
Guardrail to build
Add or extend workflow lint/security checks so fragile shell and GitHub Actions mistakes fail before review.
Representative feedback
p1 evalops/deploy#2710 .github/workflows/sync-production-runtime-images.yml:91
Finding fingerprints
bb7fb651dbff6cff5322f8727f4388e209720f0bebef6fd1dc4c3d506a3a3731
Acceptance criteria
- The class has an owner repo and a concrete guardrail location.
- The guardrail fails for at least one representative feedback shape listed above.
- The guardrail is wired into the smallest relevant CI or preflight target.
- The issue is closed only after the guardrail has merged and the feedback sentinel no longer ranks this class as an unaddressed candidate.