Closed
Labels: ai-generated, cookie (Issue Monster Loves Cookies!), documentation (Improvements or additions to documentation), low-priority, plan, security
Description
Objective
Create documentation explaining why dynamic command execution (obfuscation warnings from zizmor) is an expected and intentional pattern in gh-aw agentic workflows.
Context
From discussion #12276, 63 workflows generate 126 low-priority obfuscation warnings from zizmor security scanning. These warnings are expected because dynamic execution is a core feature of agentic workflows, not a security flaw.
Current Situation
- Tool: zizmor detects dynamic command execution as potential obfuscation
- Affected: 63 workflows (all agentic workflows with AI-generated commands)
- Status: Expected and acceptable ✅
- Mitigation: Runtime safety checks already in place
Required Documentation
Add a new documentation page explaining:
- Why obfuscation is intentional
  - AI agents generate contextual commands at runtime
  - Enables flexible automation without hardcoded scripts
  - Core feature enabling adaptive workflow behavior
- Safety measures in place
  - Sandboxed execution environment
  - Limited permissions scope (read-only for most agents)
  - Secret verification before execution
  - Audit logging of agent commands
  - Firewall checks on agent output
- Trade-offs accepted
  - ✅ Enables agent flexibility
  - ⚠️ Reduces static auditability (accepted)
  - ✅ Mitigated by runtime monitoring
- When to be concerned
  - Unexpected obfuscation in non-agentic workflows
  - Missing safety checks in agent execution
  - Overly permissive permissions
Suggested Location
- Create: docs/src/content/docs/security/dynamic-execution.md
- Update: docs/src/content/docs/security/index.md to reference new page
Acceptance Criteria
- Documentation clearly explains intentional dynamic execution pattern
- Safety measures are documented with examples
- Guidance provided for when obfuscation warnings should be investigated
- Linked from security documentation index
- Run make agent-finish before committing
AI generated by Plan Command for discussion #12276