Problem
approve-external-pr.yml copies fork commits into an internal trusted/pr-* branch and force-pushes it, causing regular trusted CI to run, but relies on repo-level workflow permissions and maintainer judgment rather than an in-workflow actor/content gate.
Evidence
.github/workflows/approve-external-pr.yml:25-35 exposes a workflow_dispatch job with contents: write.
.github/workflows/approve-external-pr.yml:18-22 documents that Actions permissions are the trust boundary, but the workflow has no actor allowlist check.
.github/workflows/approve-external-pr.yml:96-114 clones the fork branch with GITHUB_TOKEN, verifies SHA after clone, then force-pushes it to trusted/pr-<N>.
- The workflow comments state that
validate.yml runs as internal/trusted CI after the push.
Impact
If workflow dispatch permissions are loosened or misconfigured, a collaborator could replay arbitrary fork code into a trusted branch that triggers privileged self-hosted CI. Even for maintainers, there is no required in-workflow content scan/diff checkpoint before trusted CI runs.
Suggested fix
Add an explicit actor/team allowlist in the workflow, avoid force-pushing without review metadata, and add a content/diff scan step before creating the trusted branch. Keep trusted CI opt-in tied to a clearly reviewed SHA.
Source report
Imported from audit report items:
security (15) / .github/workflows/approve-external-pr.yml:26
security (15) / .github/workflows/approve-external-pr.yml:96
Grouped because both describe the same trusted-branch replay risk.
Problem
approve-external-pr.ymlcopies fork commits into an internaltrusted/pr-*branch and force-pushes it, causing regular trusted CI to run, but relies on repo-level workflow permissions and maintainer judgment rather than an in-workflow actor/content gate.Evidence
.github/workflows/approve-external-pr.yml:25-35exposes aworkflow_dispatchjob withcontents: write..github/workflows/approve-external-pr.yml:18-22documents that Actions permissions are the trust boundary, but the workflow has no actor allowlist check..github/workflows/approve-external-pr.yml:96-114clones the fork branch withGITHUB_TOKEN, verifies SHA after clone, then force-pushes it totrusted/pr-<N>.validate.ymlruns as internal/trusted CI after the push.Impact
If workflow dispatch permissions are loosened or misconfigured, a collaborator could replay arbitrary fork code into a trusted branch that triggers privileged self-hosted CI. Even for maintainers, there is no required in-workflow content scan/diff checkpoint before trusted CI runs.
Suggested fix
Add an explicit actor/team allowlist in the workflow, avoid force-pushing without review metadata, and add a content/diff scan step before creating the trusted branch. Keep trusted CI opt-in tied to a clearly reviewed SHA.
Source report
Imported from audit report items:
security (15)/.github/workflows/approve-external-pr.yml:26security (15)/.github/workflows/approve-external-pr.yml:96Grouped because both describe the same trusted-branch replay risk.