GHSA-f67f-hcr6-94mf: Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow
Summary
A GitHub Actions workflow in the Zen-AI-Pentest repository, the ZenClaw Discord Integration, is vulnerable to shell injection: untrusted input is interpolated into a `run` step, so an attacker can make the workflow runner execute commands of their choosing. Because the issue title is inserted directly into the step's shell script, anyone who opens an issue with a crafted title gets command execution in a job that has access to the workflow's secrets. That lets them read the Discord webhook URL (the secret link that authorises posting to the Discord channel) and post arbitrary messages to the channel, without needing any repository permissions.
Solution / Mitigation
Pass every user-controlled event field (here `github.event.issue.title`) to the step through an `env:` mapping and reference it in the `run` script only as a shell variable (for example `"$ISSUE_TITLE"`), so the shell treats it as data rather than parsing it as part of the script. Never interpolate a `${{ }}` expression that can carry attacker-controlled text directly into a `run` block: GitHub substitutes the expression's value into the script text before the shell parses it, so quotes and metacharacters in the value become shell syntax.
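The following script is an added illustration of why the mitigation works; it is not code from the Zen-AI-Pentest repository or from the advisory. It mimics, in plain POSIX shell, what the runner does with a step such as `run: echo "New issue: ${{ github.event.issue.title }}"` (textual substitution before the shell parses the script) and contrasts it with the `env:` form, where the same step reads `run: echo "New issue: $ISSUE_TITLE"` with `ISSUE_TITLE: ${{ github.event.issue.title }}` declared under `env:`. The issue title, the `DISCORD_WEBHOOK_URL` placeholder and the function names are constructed for the example.

```shell
#!/bin/sh
# Constructed placeholder standing in for the secret the job can reach.
# (Hypothetical value; not a real webhook.)
DISCORD_WEBHOOK_URL='https://example.invalid/api/webhooks/placeholder'
export DISCORD_WEBHOOK_URL

# Constructed malicious issue title. It closes the double-quoted string the
# workflow wraps it in, runs a command of its own, then reopens the quote so
# the rest of the script still parses.
MALICIOUS_TITLE='Crash on start"; echo "$DISCORD_WEBHOOK_URL"; echo "'

# Vulnerable pattern: the title is pasted into the script *text* before the
# shell ever sees it, exactly as ${{ }} substitution does. Quote characters
# in the title therefore become shell syntax.
render_unsafe() {
    title="$1"
    script="echo \"New issue: $title\""
    sh -c "$script"
}

# Mitigated pattern: the title travels in the environment and the script
# only ever names the variable. The shell expands $ISSUE_TITLE *after*
# parsing, so whatever it contains is printed as data, never executed.
render_safe() {
    ISSUE_TITLE="$1" sh -c 'echo "New issue: $ISSUE_TITLE"'
}

# Stand-alone demonstration: the unsafe form leaks the webhook URL on its
# second output line; the safe form echoes the title verbatim on one line.
render_unsafe "$MALICIOUS_TITLE"
render_safe "$MALICIOUS_TITLE"
```

Note that the safe form does not sanitise the title at all; it only moves the value out of the script text and into the environment, which is the whole of the fix. The same rule applies to every field an issue author or external contributor controls (issue body, PR title, branch name, commit message), not only the title.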
Classification
Affected Packages
Original source: https://github.com/advisories/GHSA-f67f-hcr6-94mf
First tracked: March 20, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%