
ci: add timeout-minutes to echidna-fuzz rate-limit-check job #89

Merged
hyperpolymath merged 1 commit into main from claude/ci-timeout-minutes
Jun 13, 2026

@hyperpolymath

Owner

Closes the one genuine missing_timeout_minutes gap in echidnabot's workflow set (from the Hypatia scan on #86 / checkpoint echidna#238).

What

Adds timeout-minutes: 5 to the rate-limit-check job in .github/workflows/echidna-fuzz.yml — the only steps-based (runs-on) job across all 29 echidnabot workflows that lacked a timeout bound. One-line, pure insertion; YAML re-validated.

Why the other Hypatia "missing_timeout_minutes" flags aren't fixed here

They target caller workflows (codeql, governance, hypatia-scan, mirror, rust-ci, scorecard, secret-scanner) whose jobs use uses: to call reusable workflows. timeout-minutes is invalid on a uses: job, so those flags are false-positives — noted in #88, not actionable.

Draft until reviewed.

https://claude.ai/code/session_01UAqDQaMwpUqWHUSZekGZWv


Generated by Claude Code

The only steps-based job in the workflow set lacking a timeout bound.
Closes the one real `missing_timeout_minutes` gap (the other Hypatia
flags are caller workflows where timeout-minutes is invalid).

Tracker: hyperpolymath/echidna#238

https://claude.ai/code/session_01UAqDQaMwpUqWHUSZekGZWv
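
The distinction drawn in the description above, as an added example that is not part of this pull request or of the echidnabot repository: a Ruby check that reports steps-based jobs lacking `timeout-minutes` and classifies `uses:` caller jobs as not applicable instead of as findings. The workflow text, job contents and function names are constructed for illustration.

```ruby
require "yaml"

# Constructed sample workflow (not taken from the repository): one steps-based
# job without a bound, one with a bound, and one reusable-workflow caller.
SAMPLE_WORKFLOW = <<~WORKFLOW
  name: sample
  on: [push]
  jobs:
    rate-limit-check:
      runs-on: ubuntu-latest
      steps:
        - run: echo check
    fuzz:
      runs-on: ubuntu-latest
      timeout-minutes: 30
      steps:
        - run: echo fuzz
    codeql:
      uses: example-org/example-repo/.github/workflows/codeql.yml@main
WORKFLOW

# Classify every job in one workflow document by how it relates to a timeout.
# Returns a hash of job id => status symbol.
def audit_timeouts(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  jobs = doc["jobs"]
  return {} unless jobs.is_a?(Hash)

  jobs.each_with_object({}) do |(id, job), out|
    unless job.is_a?(Hash)
      out[id] = :malformed
      next
    end
    has_timeout = job.key?("timeout-minutes")
    out[id] =
      if job.key?("uses")
        # Caller job: per the PR text, timeout-minutes is not valid here,
        # so its absence is not a finding and its presence is an error.
        has_timeout ? :invalid_timeout_on_caller : :caller_not_applicable
      elsif has_timeout
        :bounded
      else
        :missing_timeout
      end
  end
end

# Only the actionable gaps: steps-based jobs with no timeout bound.
def missing_timeout_jobs(yaml_text)
  audit_timeouts(yaml_text).select { |_, status| status == :missing_timeout }.keys
end
```
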
@github-actions


🔍 Hypatia Security Scan

Findings: 75 issues detected

Severity Count
🔴 Critical 11
🟠 High 20
🟡 Medium 44

⚠️ Action Required: Critical security issues found!

View findings
[
  {
    "reason": "Stale AI task file -- delete or move to docs/",
    "type": "stale",
    "file": "SONNET-TASKS.md",
    "action": "delete",
    "rule_module": "root_hygiene",
    "severity": "high"
  },
  {
    "reason": "Workflow executes remote script directly (curl/wget piped to shell). Download, verify checksum/signature, then execute.",
    "type": "download_then_run",
    "file": "echidnabot.yml",
    "action": "verify_download_integrity",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in scorecard-enforcer.yml",
    "type": "scorecard_publish_with_run_step",
    "file": "scorecard-enforcer.yml",
    "action": "split_scorecard_publish_job",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in instant-sync.yml",
    "type": "secret_action_without_presence_gate",
    "file": "instant-sync.yml",
    "action": "peter-evans/repository-dispatch",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "codeql_missing_actions_language",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Admitted leaves proof hole (1 occurrences, CWE-704)",
    "type": "admitted",
    "file": "/home/runner/work/echidnabot/echidnabot/proofs/coq/admitted_stub.v",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "sorry leaves proof hole (1 occurrences, CWE-704)",
    "type": "sorry",
    "file": "/home/runner/work/echidnabot/echidnabot/proofs/lean/sorry_stub.lean",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "expect() in hot path (1 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/echidnabot/echidnabot/src/api/rate_limit.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "expect() in hot path (1 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/echidnabot/echidnabot/src/dispatcher/echidna_client.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "expect() in hot path (1 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/echidnabot/echidnabot/src/scheduler/job_queue.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath marked this pull request as ready for review June 13, 2026 17:42
@hyperpolymath hyperpolymath merged commit e3a0e57 into main Jun 13, 2026
28 of 31 checks passed
@hyperpolymath hyperpolymath deleted the claude/ci-timeout-minutes branch June 13, 2026 17:42
2 participants