Disagreement · eb14fff2-openai-3

Workflow grants actions: write at the workflow level (overly broad permissions)

solo GPT-5

repo 6f7fc663·PR #2·reviewed 1 week ago

GPT-5 finding

Workflow grants actions: write at the workflow level (overly broad permissions)

mediumsecurityhigh

.github/workflows/messages.yml:20-24

The poll job needs actions: write to dispatch runs, but the run job (which executes model output) inherits the same broad permission. Combined with gh CLI availability, this increases blast radius if prompt injection occurs.

Recommendation

Move to job-level permissions: - poll job: actions: write, contents: read (or write if needed) - run job: contents: write, pull-requests: write; omit actions: write (use actions: read or none) Adjust only where strictly required.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗