workflow-trigger-security
OfficialSecure GitHub Actions triggers across PRs and forks.
Authoradaptive-enforcement-lab
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Secure GitHub Actions trigger patterns to prevent privilege escalation, code injection, and secret leakage arising from misconfigured triggers in pull requests, forks, and reusable workflows.
Core Features & Use Cases
- Two-Stage Fork CI: Separate untrusted fork testing from privileged operations to reduce exposure of secrets.
- Approval Gate for Fork Deployments: Enforce manual approval before deploying fork code and restrict permissions.
- Fork PR Security Validation: Provide safe, auditable patterns for PR-triggered workflows, with explicit context controls and restricted secret access.
Quick Start
Implement the two-stage fork CI pattern and enable approvals for PR targets to harden your workflow security.
Dependency Matrix
Required Modules
None requiredComponents
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: workflow-trigger-security Download link: https://github.com/adaptive-enforcement-lab/claude-skills/archive/main.zip#workflow-trigger-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.