forge-github-actions
Community
Ship safer GitHub Actions with hard rules.
Legal & Compliance
Tags: permissions, github actions, supply chain, oidc, workflow hygiene, ci security, secrets handling
Author: f4rkh4d
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill prevents common security and supply-chain failures in GitHub Actions workflows: unpinned third-party actions, overly broad permissions, risky secret handling, and dangerous triggers.
Core Features & Use Cases
- Pin third-party actions to commit SHAs to reduce supply-chain risk from mutable tags and branches.
- Enforce least-privilege permissions via `permissions: {}` at workflow scope and narrowly scoped per-job grants.
- Harden secrets and credential flow by rejecting secrets in `run:` command lines and secret echo patterns, and by preferring OIDC over long-lived cloud keys.
- Reduce CI blast radius and waste by discouraging `pull_request_target`, avoiding unconditional `on: [push]`, and requiring PR concurrency cancellation.
- Verification support: a ready-to-run verifier script flags workflow hygiene violations in `.github/workflows/*.yml`.
Quick Start
Use the skill to audit your GitHub Actions workflows: run the verifier on your workflow files and fix any flagged violations.
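Added example, not the skill's own verifier script (which this page only describes): a small Python checker that encodes the rules from the feature list above and runs them over two constructed workflows, one that trips every rule and one hardened the way the skill prescribes. Everything in it is an assumption of this example: the rule names, the regex heuristics, the sample YAML, the all-`a` placeholder SHA and the placeholder role ARN.

```python
"""Workflow hygiene verifier, added here as an example (not the skill's own script).
It encodes the rules listed above as regex/indent heuristics over the workflow text, so
no YAML library is needed; rule names, both sample workflows and the placeholder SHA and
role ARN are constructed for this example."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule line detail")   # line is 1-based, 0 = whole file
SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
RUN = re.compile(r"^\s*-?\s*run:")
SECRET = re.compile(r"\$\{\{\s*secrets\.")
PRT = re.compile(r"(?<![\w-])pull_request_target(?![\w-])")
BARE_PUSH = re.compile(r"(?<![\w-])push(?![\w-])")
STATIC_KEY = re.compile(r"^\s*(aws-access-key-id|aws-secret-access-key|credentials_json):")  # OIDC needs none

def check_workflow(text):
    """Return a list of Finding objects for one workflow file's contents."""
    lines, out, top_key, run_col = text.splitlines(), [], "", None   # run_col: column of an open `run:`
    top_permissions = cancel = False
    for i, raw in enumerate(lines):
        line = raw.split(" #", 1)[0].rstrip()          # drop trailing "# v4"-style comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        no, ind = i + 1, len(line) - len(line.lstrip(" "))
        if run_col is not None and ind <= run_col:
            run_col = None                             # left the multi-line run block
        if ind == 0:
            top_key, _, val = (s.strip() for s in line.partition(":"))
            if top_key == "permissions":
                top_permissions = val == "{}"          # the skill wants {} here, grants go per job
            if top_key == "on" and BARE_PUSH.search(val):         # on: push / on: [push, ...]
                out.append(Finding("unconditional-push", no, line.strip()))
        if top_key == "on":
            if PRT.search(line):
                out.append(Finding("pull_request_target-trigger", no, line.strip()))
            nxt = next((len(n) - len(n.lstrip(" ")) for n in lines[i + 1:]
                        if n.strip() and not n.lstrip().startswith("#")), 0)
            if re.match(r"^\s*push:\s*$", line) and nxt <= ind:  # push: with no branch/path filter
                out.append(Finding("unconditional-push", no, line.strip()))
        if re.match(r"^\s*permissions:\s*write-all$", line):
            out.append(Finding("write-all-permissions", no, line.strip()))
        if re.match(r"^\s*cancel-in-progress:\s*true$", line): cancel = True
        m = USES.match(line)
        if m and not m.group(1).startswith(("./", "docker://")):
            if not SHA40.match(m.group(1).partition("@")[2]):  # ref after '@' must be a full SHA
                out.append(Finding("unpinned-action", no, m.group(1)))
        if RUN.match(line): run_col = line.index("run:")
        if run_col is not None and SECRET.search(line):        # secret on the command line itself
            out.append(Finding("secret-in-run", no, line.strip()))
        if STATIC_KEY.match(line):
            out.append(Finding("long-lived-cloud-key", no, line.strip()))
    if not top_permissions:
        out.append(Finding("workflow-permissions-not-empty", 0, "set permissions: {} at workflow scope"))
    if not cancel:
        out.append(Finding("missing-concurrency-cancel", 0, "set concurrency.cancel-in-progress: true"))
    return out

# Constructed sample: violates every rule above.
WEAK_WORKFLOW = """\
on: [push, pull_request_target]
jobs:
  build:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh --token ${{ secrets.DEPLOY_TOKEN }}
      - uses: aws-actions/configure-aws-credentials@main
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
"""

# Constructed sample: the same job hardened. PLACEHOLDER_SHA stands in for the audited commit.
HARDENED_WORKFLOW = """\
on:
  push:
    branches: [main]
permissions: {}
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@PLACEHOLDER_SHA
      - uses: aws-actions/configure-aws-credentials@PLACEHOLDER_SHA
        with:
          role-to-assume: arn:aws:iam::123456789012:role/ci-deploy  # placeholder ARN
      - run: ./deploy.sh  # the secret reaches the script via env, not argv
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
""".replace("PLACEHOLDER_SHA", "a" * 40)
```

In practice you would call `check_workflow` on each file matching `.github/workflows/*.yml` and fail CI on any non-empty result. The line-based parsing is deliberate so the check runs without PyYAML, at the cost of false positives on unusual layouts (flow-style step lists, quoted keys); the `run:` column tracking is what keeps a secret passed through a step's `env:` from being flagged while still catching one interpolated into the command line.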
Dependency Matrix
Required Modules
None required
Components
assets, scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: forge-github-actions Download link: https://github.com/f4rkh4d/forge-skill/archive/main.zip#forge-github-actions Please download this .zip file, extract it, and install it in the .claude/skills/ directory.