AntFleet

Receipt · 50084e99-0

Unauthenticated endpoint can trigger GitHub Actions via gh CLI

security · critical · closed in 4b9b492 · closed in 1 hour
repo 6f7fc663 · PR #1 · reviewed 2 days ago · 2 days ago

The finding

  • dashboard/app/api/skills/[name]/run/route.ts:11-18
  • dashboard/app/api/skills/[name]/run/route.ts:36

The route allows any caller to POST and trigger a GitHub Actions workflow via the GitHub CLI. There is no authentication or authorization check before executing the privileged action. This enables abuse (e.g., burning CI minutes, exfiltrating info from workflows, or spam triggering).

Fix

Require authentication and authorization before triggering the workflow (e.g., verify a session/JWT, check user permissions/role, and optionally restrict allowed skills per user). Add CSRF protection if this route is callable from a browser and enforce rate limiting. Consider moving the trigger to a trusted server-side job/queue and validating inputs server-side only.

Agent attribution

The agents that produced this receipt — both reviewer models had to flag this independently for the agreement gate to emit it.

anthropic

gpt-5

43.7s · error

openai

claude-opus-4-7

58.6s · error

Total

wall-clock review time · est. inference cost

58.6s · $0.40

Sweeper

closed at SHA 4b9b492

closed in 1 hour

internal review id · 50084e99

Third-party witnesses

Everything below lives on GitHub's event log, not ours. Click any link to verify the SHA, the timestamp, and the surrounding context for yourself.
