Workflow shell footgun
This issue tracks a recurring review-feedback class from the EvalOps review feedback sentinel.
- Class:
workflow-shell-footgun
- Score:
80
- Findings:
1
- Repos:
evalops/maestro
- Generated at:
2026-05-28T01:15:15Z
- Window: merged since
2026-05-25 with minimum severity high
Guardrail to build
Add or extend workflow lint/security checks so fragile shell and GitHub Actions mistakes fail before review.
Representative feedback
Finding fingerprints
5b60ac4255d57dec4d0c2022e676aed5ffb4c2e9f68898b31867346e0b6c775a
Acceptance criteria
- The class has an owner repo and a concrete guardrail location.
- The guardrail fails for at least one representative feedback shape listed above.
- The guardrail is wired into the smallest relevant CI or preflight target.
- The issue is closed only after the guardrail has merged and the feedback sentinel no longer ranks this class as an unaddressed candidate.
Workflow shell footgun
This issue tracks a recurring review-feedback class from the EvalOps review feedback sentinel.
workflow-shell-footgun801evalops/maestro2026-05-28T01:15:15Z2026-05-25with minimum severityhighGuardrail to build
Add or extend workflow lint/security checks so fragile shell and GitHub Actions mistakes fail before review.
Representative feedback
p1fix: sync release helpers before public mirror validation maestro#646 .github/workflows/public-release-mirror.yml:117Finding fingerprints
5b60ac4255d57dec4d0c2022e676aed5ffb4c2e9f68898b31867346e0b6c775aAcceptance criteria