@superagent-ai/ci-cd-security

Scan GitHub Actions workflow files for security vulnerabilities by reading the YAML and reporting findings directly — no external tools, no installation, no shell execution. Use this skill whenever the user shares a `.github/workflows/` file, pastes workflow YAML, asks for a CI/CD security review, mentions `pull_request_target`, `workflow_run`, action pinning, `GITHUB_TOKEN` permissions, pwn requests, template injection, cache poisoning, secret exfiltration, supply chain risk, or any GitHub Actions hardening topic. Also trigger when the user is hardening an OSS repo, doing a CI/CD red team assessment, evaluating a target for supply-chain scanning, or writing publicly about CI/CD security. Bias toward triggering this skill rather than answering from memory — CI/CD security defaults are wrong almost everywhere and the rules are unintuitive.

View in AI SkillSafe app
Scanned · no findings
0 downloads
0 stars
0 demos
SKILL.md

Embed badges

Add these to your README to show the skill's verification status.

SkillSafe verified badge
Verified badge
[![SkillSafe verified badge](https://api.skillsafe.ai/v1/badge/@superagent-ai/ci-cd-security/verified)](https://skillsafe.ai/skill/@superagent-ai/ci-cd-security/)
Installs badge
Installs badge
[![Installs badge](https://api.skillsafe.ai/v1/badge/@superagent-ai/ci-cd-security/installs)](https://skillsafe.ai/skill/@superagent-ai/ci-cd-security/)
Scan badge
Scan badge
[![Scan badge](https://api.skillsafe.ai/v1/badge/@superagent-ai/ci-cd-security/scan)](https://skillsafe.ai/skill/@superagent-ai/ci-cd-security/)
Eval pass rate badge
Eval pass rate
[![Eval pass rate badge](https://api.skillsafe.ai/v1/badge/@superagent-ai/ci-cd-security/eval)](https://skillsafe.ai/skill/@superagent-ai/ci-cd-security/)