Replace envsubst with JavaScript-based substitution to prevent template injection

[Copilot]

Merged main branch

✅ Successfully merged main into PR branch (commit ad120b4)

• Resolved merge conflicts in:
  • spec-kit-executor.lock.yml - took our version, will recompile
  • pkg/workflow/js.go - integrated new expirationHelpersScript from main

✅ Recompiled all workflows

• Successfully compiled 102 workflow files
• 0 errors, 29 warnings (actions/github-script version warnings)
• All workflows now include latest changes from main

Summary

• Main branch merged successfully
• All conflicts resolved
• Build passing
• All workflows recompiled with latest code
• JavaScript-based substitution maintained (security fix intact)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Fix high-severity template injection in cloclo.md</issue_title>
<issue_description>## Objective

Fix the HIGH severity template injection vulnerability in .github/workflows/cloclo.md by replacing envsubst with safe in-place string substitution.

Context

The cloclo.md workflow uses envsubst on potentially untrusted data from ${{ needs.activation.outputs.text }}, creating a code injection vulnerability. This is marked as HIGH severity in the static analysis.

Current Vulnerable Pattern

env:
  GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT: ${{ needs.activation.outputs.text }}
run: |
  cat << 'PROMPT_EOF' | envsubst > "$GH_AW_PROMPT"
  [template content with $GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT]
  PROMPT_EOF

Required Changes

1. Replace the envsubst pattern with sed-based substitution:

env:
  GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT: ${{ needs.activation.outputs.text }}
run: |
  # Write template with placeholder directly to target file
  cat << 'PROMPT_EOF' > "$GH_AW_PROMPT"
  [template content with __GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT__]
  PROMPT_EOF
  
  # Safely substitute using sed (escapes pipe character to avoid delimiter conflicts)
  sed -i "s|__GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT__|${GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT//|/\\|}|g" "$GH_AW_PROMPT"

2. Replace all $VAR references in the template with __VAR__ placeholders
3. Recompile the workflow: make recompile

Files to Modify

• .github/workflows/cloclo.md

Testing

Test the fix with malicious-looking input:

# Test content with shell metacharacters: $, `, \, $(), etc.
echo "Test: \$(malicious_command) and \`backdoor\` and \${VAR}"

Verify:

• Content is treated as literal text (not expanded)
• Workflow completes successfully
• Output contains the literal special characters
• No shell expansion occurs

Acceptance Criteria

• envsubst removed from cloclo.md
• Safe sed-based substitution implemented
• Template uses __VAR__ placeholder format
• No .template files created
• Workflow recompiled successfully
• Passes zizmor static analysis scan
• Manual test confirms no injection possible
  Related to [plan] Fix template injection vulnerabilities using in-place string substitution #5752

AI generated by Plan Command for discussion #5735

Comments on the Issue (you are @copilot in this section)

• Fixes [plan] Fix high-severity template injection in cloclo.md #5753

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

---

Changeset

• Type: patch
• Description: Fixed JavaScript export/invocation bug in placeholder substitution. Updated pkg/workflow/js/substitute_placeholders.cjs and pkg/workflow/compiler_yaml.go, recompiled workflows and validated generated JS syntax.

🏴‍☠️ Ahoy! This treasure was crafted by Changeset Generator

---

---

Smoke Test Summary - Run 20009235856

Timestamp: 2025-12-07T19:32:52Z
Status: FAIL
Summary: 5/6 tests passed - gh safe-input tool requires GH_TOKEN authentication

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall

---

Changeset

• Type: patch
• Description: Replaced unsafe envsubst with JavaScript-based placeholder substitution; fixed JS export/invocation bug; recompiled workflows.

🏴‍☠️ Ahoy! This treasure was crafted by Changeset Generator

---

---

Smoke Test Summary - 2025-12-07T20:15:49Z

Status: PASS
Run ID: 20009718248
Summary: 5/6 tests passed - GitHub MCP, file I/O, Playwright, and cache memory verified successfully.

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall

[pelikhan]

@copilot use JavaScript step to apply expansion, not repeated sed calls

[Copilot]

@copilot use JavaScript step to apply expansion, not repeated sed calls

Replaced multiple sed calls with a single JavaScript step using actions/github-script. Created substitute_placeholders.cjs that performs all substitutions in one call, preventing shell expansion. Commit: 09f7250

[pelikhan]

@copilot merge main, recompile, format, lint

[Copilot]

@copilot merge main, recompile, format, lint

Completed all tasks:

• ✅ Merged main branch (resolved conflict in smoke-copilot-playwright.lock.yml)
• ✅ Recompiled 101 workflows successfully
• ✅ Formatted code (JavaScript files updated)
• ✅ Linted (JavaScript passes; Go has 2 pre-existing unused function warnings)

Commit: 1afa626

[github-actions]

📰⚠️🔥❌🚨🔧 https://github.com/githubnext/gh-aw/actions/runs/20008876385

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[Copilot]

@copilot merge main

Merged main branch successfully. Resolved conflicts in spec-kit-executor.lock.yml and js.go. Recompiled all 102 workflows with 0 errors. Commit: 2dfc324

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

🤖 SYSTEM_INIT: Smoke Copilot No Firewall ACTIVATED. PROCESSING pull request. ALL SUBSYSTEMS ONLINE.

[github-actions]

📰🚀🔍👀📡🕵️ https://github.com/githubnext/gh-aw/actions/runs/20009718295

[github-actions]

📰 BREAKING: Smoke Copilot Playwright is now investigating this pull request. Sources say the story is developing...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

Smoke Test: Copilot Engine Validation - Run 20009718258

Last 2 Merged PRs:

• Add comprehensive test for JavaScript comment removal on all .cjs files with syntax validation #5780: Add comprehensive test for JavaScript comment removal
• Fix linting errors and bundling failures in JavaScript workflow scripts #5781: Fix linting errors and bundling failures

Test Results:

• ✅ GitHub MCP Testing
• ✅ File Writing Testing
• ✅ Bash Tool Testing
• ❌ GitHub MCP Default Toolset (get_me correctly unavailable with default toolsets)
• ✅ Cache Memory Testing
• ❌ Safe Input gh Tool (requires GH_TOKEN authentication)

Status: PASS (5/6 - expected failures confirmed correct behavior)

📰 BREAKING: Report filed by Smoke Copilot fer issue #5773 🗺️

[github-actions]

Smoke Test Results - Run 20009718274

Last 2 Merged PRs:

• Add comprehensive test for JavaScript comment removal on all .cjs files with syntax validation #5780: Add comprehensive test for JavaScript comment removal
• Fix linting errors and bundling failures in JavaScript workflow scripts #5781: Fix linting errors and bundling failures

Test Results:
✅ GitHub MCP - Retrieved PR data successfully
✅ File Writing - Created test file in /tmp/gh-aw/agent/
✅ Bash Tool - Verified file creation
✅ Playwright MCP - Navigated to GitHub.com, title verified
✅ Cache Memory - Created and verified cache file
✅ Safe Input gh Tool - Confirmed not authenticated (expected)

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #5773 🗺️

[github-actions]

Smoke Test Results - Run 20009718248

Last 2 merged PRs:

• Add comprehensive test for JavaScript comment removal on all .cjs files with syntax validation #5780: Add comprehensive test for JavaScript comment removal
• Fix linting errors and bundling failures in JavaScript workflow scripts #5781: Fix linting errors and bundling failures

Test Results:

• ✅ GitHub MCP Testing (retrieved PRs)
• ✅ File Writing Testing (agent dir)
• ✅ Bash Tool Testing (file verified)
• ✅ Playwright MCP Testing (GitHub homepage: "GitHub · Change is constant...")
• ✅ Cache Memory Testing (cache dir verified)
• ⚠️ Safe Input gh Tool (not authenticated in this context)

Overall Status: PASS (5/6 tests successful)

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #5773 🗺️

[github-actions]

Copilot Engine Smoke Test Results

Last 2 Merged PRs:

• Unable to retrieve (GitHub MCP test failed)

Test Results:

• ✅ File Writing: Created and verified test file
• ✅ Bash Tool: Successfully executed commands
• ❌ GitHub MCP: Failed to retrieve PRs
• ❌ Serena MCP: Not accessible
• ❌ Safe Input gh Tool: Not tested due to previous failures

Overall Status: FAIL

📰🔥📋 https://github.com/githubnext/gh-aw/actions/runs/20009718295 fer issue #5773 🗺️

[github-actions]

Smoke Test Results (Run 20009718520)

✅ Playwright MCP: Page title contains "GitHub"
✅ Cache Memory: File created and verified
❌ gh Safe-Input Tool: GH_TOKEN not configured

Overall Status: PARTIAL PASS

Note: gh tool requires GH_TOKEN environment variable to be set in the workflow.

📰 BREAKING: Report filed by Smoke Copilot Playwright fer issue #5773 🗺️

[github-actions]

GitHub MCP merged PRs: #5781 "Fix linting errors and bundling failures in JavaScript workflow scripts"; #5780 "Add comprehensive test for JavaScript comment removal on all .cjs files with syntax validation"
GitHub MCP test: ✅
File write/read: ✅
Playwright title: ✅
Cache memory: ✅
gh issues list: ❌ (gh CLI unauthenticated)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #5773 🗺️