actsense - GitHub Actions Security Auditor

Cross Repository Access Command

Description

Workflows that run shell commands like git clone https://github.com/foo/bar or curl https://raw.githubusercontent.com/... pull code straight from external repositories. Without validation, attackers can swap the target repo, inject malicious scripts, or harvest secrets via the fetched code. GitHub recommends pinning exact SHAs and avoiding user-supplied repository names in commands. ¹

Vulnerable Instance

run step clones an arbitrary repository or downloads a script without pinning.
Repository name comes from an environment variable or workflow input.
The downloaded code executes immediately (e.g., via bash script.sh).

name: Pull External Util
on: workflow_dispatch
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Download helper
        run: |
          git clone https://github.com/${{ inputs.repo }} helper
          cd helper && ./install.sh

If inputs.repo is attacker-controlled, the workflow executes arbitrary code from that repository.

Mitigation Strategies

Pin to explicit SHAs
Use git clone --depth=1 --branch <tag> or download tarballs with known hashes.
Restrict repository inputs
Validate or hardcode the list of allowed repositories/owners.
Prefer actions/checkout with submodules
When accessing code you control, include it as a submodule rather than cloning dynamically.
Verify downloads
Check Git commit signatures or compute checksums before executing downloaded content.
Least-privilege tokens
If access requires authentication, use read-only tokens scoped to the specific repository.

Secure Version

 name: Pull External Util (Safe)
 on: workflow_dispatch
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
       - name: Fetch approved helper
+        env:
+          REPO: my-org/ci-utils
+          SHA: 0123456789abcdef
         run: |
-          git clone https://github.com/${{ inputs.repo }} helper
-          cd helper && ./install.sh
+          curl -L "https://github.com/$REPO/archive/$SHA.tar.gz" -o helper.tar.gz
+          echo "expected_checksum  helper.tar.gz" | sha256sum --check -
+          tar -xzf helper.tar.gz
+          cd ci-utils-$SHA && ./install.sh

Impact

Dimension	Severity	Notes
Likelihood		Pulling helper repos via shell commands is common in monorepos and legacy workflows.
Risk		Untrusted code executes with workflow privileges, enabling supply-chain compromise.
Blast radius		Any service reachable by the workflow token (packages, infra) can be affected.

References

GitHub Docs, “Security hardening for GitHub Actions,” https://docs.github.com/actions/security-guides/security-hardening-for-github-actions ¹
GitHub Docs, “Workflow syntax for GitHub Actions,” https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#example-using-run-within-a-step

GitHub Docs, “Security hardening for GitHub Actions,” https://docs.github.com/actions/security-guides/security-hardening-for-github-actions ↩︎ ↩︎

Last updated on January 1, 2026

Cross Repository Access Dangerous Event