[MINOR] Sensitive value in step outputs: The composite action writes action_token to GITHUB_OUTPUT to pass between steps. While not exposed as an action output, avoid persisting secrets as outputs where possible to reduce accidental leakage via logs. Prefer environment files with masking or re-derive the token in subsequent steps.
[MINOR] SSRF risk: Allowing inputs.gitea-url and action-repo to control request destinations without validation enables server-side requests to arbitrary/internal addresses from the runner environment. Even without tokens, this can be abused on self-hosted runners to access internal services. Validate scheme/host against an allowlist and block private/link-local/loopback addresses.
[MAJOR] Possible secret exfiltration during binary download: The Install review-bot step builds DOWNLOAD_URL from SERVER_URL (which can be overridden by inputs.gitea-url) and conditionally adds an Authorization header with github.token (Bearer) or reviewer-token (token). This can send repository or reviewer tokens to an attacker-controlled domain if SERVER_URL is manipulated, leading to credential leakage and arbitrary code download.
[MAJOR] Possible secret exfiltration: In the Determine version step, the Authorization header (using github.token on GitHub or reviewer-token on Gitea) is attached to a curl request to API_URL, which for Gitea is constructed from the user-supplied SERVER_URL (inputs.gitea-url). An attacker who can influence inputs.gitea-url (e.g., via a modified workflow or misconfiguration) can cause the runner to send secrets to an arbitrary host, leaking tokens. On GitHub, even if VCS_TYPE=github, allowing inputs.gitea-url to override SERVER_URL creates risk if reused elsewhere.
[MINOR] The binary integrity check relies on a checksums.txt downloaded from the same untrusted release source. If ACTION_REPO or SERVER_URL are misconfigured or attacker-controlled (via workflow inputs), a malicious binary and matching checksum could be served and executed with access to secrets. Consider verifying signatures, pinning to an allowlist of repos, or pinning versions/hashes from a trusted source.
[NIT] Network requests (curl) lack explicit timeouts. Adding timeouts (--max-time/--connect-timeout) can improve robustness and reduce the risk of workflow stalls.
[MINOR] Same supply-chain concern as above: the checksum file is fetched from the same source as the binary, which does not provide strong integrity guarantees if inputs are misconfigured. Strengthen verification by using signed releases or a maintained allowlist of action repos and expected hashes.
[NIT] Network requests (curl) do not specify explicit timeouts, which can cause long hangs under adverse network conditions. Consider adding --max-time or --connect-timeout to reduce DoS risk from slow/unresponsive endpoints.
[MINOR] Missing network timeouts/retries for curl may cause hangs; add --max-time/--connect-timeout and safe retry logic.
[MINOR] Potential SSRF/internal network access: SERVER_URL is used for server-side requests without validation or allowlisting, enabling connections to arbitrary hosts from the runner.
[MAJOR] Command injection risk: unvalidated SERVER_URL and ACTION_REPO are used in curl calls ("${SERVER_URL}/${ACTION_REPO}/releases/download...") allowing command substitution if inputs contain $(...) or backticks.
[MAJOR] Command injection risk: unvalidated ACTION_REPO is expanded into curl URL ("${API_BASE}/repos/${ACTION_REPO}/...") and may execute $(...) or ... via command substitution.
[MINOR] No enforcement of HTTPS for SERVER_URL; allowing http or arbitrary schemes permits MITM and integrity compromise of the downloaded binary and checksum.
[MAJOR] Command injection risk: unvalidated inputs (SERVER_URL and ACTION_REPO) are used in curl URLs ("${SERVER_URL}/${ACTION_REPO}/releases/download..."). Embedded $(...) or backticks in either value will trigger command substitution and arbitrary command execution.
[MINOR] No enforcement of HTTPS for SERVER_URL; permitting non-HTTPS allows downgrade/MITM when downloading and executing the binary.
[MAJOR] Command injection risk: unvalidated input (ACTION_REPO) is interpolated into a shell command argument for curl ("${API_BASE}/repos/${ACTION_REPO}/..."). If ACTION_REPO contains command substitution like $(...) or backticks, it will be executed by the shell even within double quotes.
[MINOR] Potential SSRF/internal network access: SERVER_URL is user-configurable and used for server-side requests without allowlisting or validation, enabling connections to internal services from the runner.