github-actions-security
Official
Secure your CI/CD workflows against common vulnerabilities.
Author: GoldenWing-360
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps users harden GitHub Actions workflows by providing guidelines and checks that catch common security pitfalls and misconfigurations before they reach production.
Core Features & Use Cases
- Pin third-party actions to specific commit SHAs to prevent supply chain attacks.
- Assess and scope GITHUB_TOKEN permissions to limit privilege levels.
- Implement OIDC federation for short-lived, trusted cloud credentials.
- Identify risky usage of pull_request_target workflows to avoid secret leaks.
- Detect untrusted input injection through expression interpolation.
- Review third-party actions for safety and maintenance status before adoption.
- Audit secrets discipline to prevent accidental leaks and enforce rotation.
Quick Start
Review your current workflows to ensure every action is pinned to a full commit SHA, GITHUB_TOKEN permissions are minimized, and no pull_request_target workflow checks out or runs code from an untrusted pull request.
Dependency Matrix
Required Modules
None required
Components
references, assets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: github-actions-security Download link: https://github.com/GoldenWing-360/claude-security-skills/archive/main.zip#github-actions-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.