Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow
Summary
The ZenClaw Discord Integration GitHub Actions workflow is vulnerable to shell command injection. The issue title field, controllable by any GitHub user, is interpolated directly into a run shell block via a GitHub Actions template expression. An attacker can craft an issue title containing a subshell expression that executes arbitrary commands on the runner during variable assignment, enabling exfiltration of the DISCORD_WEBHOOK_URL secret. The trigger requires no repository privileges.
Affected Component
File: .github/workflows/zenclaw-discord.yml
Commit: 07e65c7
URL: https://github.com/SHAdd0WTAka/Zen-Ai-Pentest/blob/07e65c72656a8213fc9ece2b3f4fc719032cfc5d/.github/workflows/zenclaw-discord.yml
Step: Prepare Notification
Trigger: issues: [opened] — no repository privileges required
Fix Status
✅ RESOLVED (2026-03-20)
The vulnerability has been remediated by implementing secure environment variable handling:
- Before: DESCRIPTION="${{ github.event.issue.title }}"
- After: Pass ISSUE_TITLE through env, then DESCRIPTION="$ISSUE_TITLE"
This follows GitHub's security hardening best practices for GitHub Actions.
Credits
- Original vulnerability report: nekros1xx
- Fix implementation: Assisted by Kimi AI Code CLI (autonomous security analysis and remediation)
- Repository owner: SHAdd0WTAka
Original Description
The GitHub Actions template engine resolves ${{ github.event.issue.title }} at workflow compilation time, embedding the raw issue title as literal text in the bash script before execution. The value is assigned inside a double-quoted string, which in bash evaluates subshell expressions of the form $(...) and backtick expressions at runtime.
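The two assignments quoted above, shown in context as an added example workflow (not the project's own file): the vulnerable step from the advisory is kept as a comment for comparison, and the live step uses the env-variable pattern of the fix. The job layout, runner label, the html_url field and the jq/curl delivery step are assumptions; the step name, trigger, secret name and both DESCRIPTION lines come from the advisory.

```yaml
# Added example, not the ZenClaw repository's workflow.
name: ZenClaw Discord Integration (example)

on:
  issues:
    types: [opened]   # any GitHub user can fire this trigger

jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      # BEFORE (vulnerable pattern from the advisory, left as a comment so it is
      # never parsed as a step): the expression is substituted into the script
      # text before bash starts, so a title containing $(...) or backticks inside
      # the double quotes is executed by bash as command substitution.
      #
      # - name: Prepare Notification
      #   run: |
      #     DESCRIPTION="${{ github.event.issue.title }}"

      # AFTER (remediated): the title reaches the script only as the value of an
      # environment variable. "$ISSUE_TITLE" is a parameter expansion, and bash
      # does not re-parse the expanded value for $(...) or backticks.
      - name: Prepare Notification
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
          ISSUE_URL: ${{ github.event.issue.html_url }}      # assumed field use
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
        run: |
          DESCRIPTION="$ISSUE_TITLE"
          # Build the JSON body with jq (assumed available on the runner) so the
          # title is encoded as data and never spliced into a string by the shell.
          PAYLOAD=$(jq -n --arg d "$DESCRIPTION" --arg u "$ISSUE_URL" \
            '{content: ("New issue: " + $d + "\n" + $u)}')
          # Quote every expansion so the title stays data at each later use too.
          curl -sS -H 'Content-Type: application/json' \
            -d "$PAYLOAD" "$DISCORD_WEBHOOK_URL"
```

The same env-variable rule applies to every other event field an untrusted user controls (issue body, PR title, branch names, commit messages), not just the title.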