CVE-2026-34243

wenxian · wenxian

The wenxian GitHub Actions workflow is vulnerable to command injection via untrusted user input in issue comments, allowing arbitrary code execution on the GitHub runner.

Executive summary

An unauthenticated attacker can execute arbitrary code on a GitHub Actions runner by simply posting a crafted comment on a repository using the wenxian tool.

Vulnerability

The workflow uses issue_comment.body directly inside a shell command without sanitization. An unauthenticated attacker can post a comment containing shell metacharacters to trigger command injection and execute arbitrary code within the context of the GitHub Actions runner.

Business impact

A successful exploit allows an attacker to hijack the CI/CD pipeline. This can lead to the theft of GitHub secrets (e.g., API keys, cloud credentials), the injection of malicious code into the software supply chain, or unauthorized access to the repository. The CVSS score of 9.8 highlights the extreme risk of supply chain compromise.

Remediation

Immediate Action: Disable the affected GitHub Actions workflow immediately. Since no patch is currently available, manually edit the workflow file so that user-controlled input (such as the comment body) is passed to the shell through an environment variable rather than interpolated directly into the command text.

Proactive Monitoring: Review GitHub Actions run history for suspicious activity and audit all secrets used by the affected repository for potential compromise.

Compensating Controls: Use "Restrict repository permissions" in GitHub to ensure that the GITHUB_TOKEN has minimal permissions (read-only) for workflows triggered by external users.
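As an added example (not the wenxian project's own workflow), the weak pattern the advisory describes beside the hardened form the remediation calls for: the comment body reaches the shell only through a quoted environment variable, and the GITHUB_TOKEN is scoped with a permissions block. The workflow names, the step contents and the use of the standard `github.event.comment.body` expression are assumptions.

```yaml
# Added example, not the wenxian project's actual workflow file.
# Shown as two YAML documents side by side for comparison; a real
# repository would contain only the hardened one.
#
# --- Weak pattern: the ${{ }} expression is substituted into the
# script text BEFORE the shell runs, so the comment body becomes
# part of the command line and is parsed as shell syntax.
name: comment-handler-vulnerable
on:
  issue_comment:
    types: [created]
jobs:
  handle:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "New comment: ${{ github.event.comment.body }}"

---
# --- Hardened pattern: the value is bound to an environment variable,
# and the script only ever sees "$COMMENT", a quoted variable expansion
# that the shell never re-parses as code. printf '%s' is used instead of
# echo so that a body starting with "-e" or "-n" is not treated as an
# option. The token is limited to what the job needs (assumed here:
# read contents, write issues).
name: comment-handler-hardened
on:
  issue_comment:
    types: [created]
permissions:
  contents: read
  issues: write
jobs:
  handle:
    runs-on: ubuntu-latest
    # Optional extra control: only act on comments from repository
    # owners, members or collaborators rather than any external user.
    if: contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
    steps:
      - env:
          COMMENT: ${{ github.event.comment.body }}
        run: |
          printf 'New comment: %s\n' "$COMMENT"
```

The same env-variable pattern applies to every other untrusted event field (issue titles, PR branch names, commit messages) that a `run:` step consumes.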

Exploitation status

Public Exploit Available: No

Analyst recommendation

The lack of a vendor patch makes this a critical "zero-day" risk for users of wenxian. Immediate manual intervention is required to secure the GitHub Actions workflow. Ensure that all user-supplied data is treated as untrusted and never passed directly to a shell.