fix: resolve zizmor GitHub Actions security findings (#322)

dgilmanuni · claude · web-flow · commit 0e1e6733d5ff · 2026-02-19T10:01:48.000-05:00
Co-authored-by: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -6,6 +6,8 @@ on:
   push:
     branches: [main, master, staging, dev]
 
+permissions: {}
+
 env:
   FOUNDRY_PROFILE: ${{ github.event_name == 'push' && 'ci' || 'pr' }}
 
@@ -20,6 +22,7 @@ jobs:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
         with:
           submodules: recursive
+          persist-credentials: false
 
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de # v1
diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
@@ -24,6 +24,7 @@ jobs:
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: TruffleHog OSS
         id: trufflehog
