Skip to content

security: gate pr-triage secrets on same-repository pull_request_target#6053

Open
DVHRMNTCBSL wants to merge 1 commit into
google:mainfrom
DVHRMNTCBSL:security/pr-analyze-fork-guard
Open

security: gate pr-triage secrets on same-repository pull_request_target#6053
DVHRMNTCBSL wants to merge 1 commit into
google:mainfrom
DVHRMNTCBSL:security/pr-analyze-fork-guard

Conversation

@DVHRMNTCBSL

@DVHRMNTCBSL DVHRMNTCBSL commented Jun 10, 2026

Copy link
Copy Markdown

What the patch does

pr-triage.yml in google/adk-python runs on pull_request_target and mounts ADK_TRIAGE_AGENT and GOOGLE_API_KEY while the triage agent processes untrusted fork PR content.

This patch adds a fork guard: automated pull_request_target runs only when head.repo.full_name == github.repository. Maintainers can still trigger via workflow_dispatch.

Pull request: COLE_SEU_LINK_AQUI

How it works

  • Before: CLA-signed fork PR could auto-trigger privileged triage agent with API secrets in environment.
  • After: External fork PRs no longer auto-run secret-backed triage; workflow_dispatch preserved.

Writing effort

Modest — coordinated if: guard in .github/workflows/pr-triage.yml.

Security impact

Compelling proactive hardening: prevents untrusted fork PR content from reaching privileged LLM CI with secrets.

No live exploit was performed. Local trust-boundary simulation only.

Project scope

google/adk-python is OT1 in Google OSS repository tier.

Relation to prior submissions

Proactive patch; pivots from REPORT-002 OSS VRP GHA class. This is the security patch PR, not a duplicate VRP report.

Diff access

COLE_SEU_LINK_AQUI/files

@adk-bot adk-bot added the tools [Component] This issue is related to tools label Jun 10, 2026
@adk-bot

adk-bot commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Response from ADK Triaging Agent

Hello @DVHRMNTCBSL, thank you for submitting this security-related PR!

To help our reviewers process your changes more efficiently, please ensure the following requirements from our contribution guidelines are met:

  1. Testing Plan: Please include a testing plan section in your PR description describing how this change was or can be verified (e.g., local simulation or GHA test runs on a fork).
  2. Logs or Screenshots: If possible, please share logs or screenshots demonstrating that the GitHub Actions workflow syntax is correct and works as intended after applying the patch.

This extra context is incredibly helpful for the review process. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

tools [Component] This issue is related to tools

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DVHRMNTCBSL @adk-bot