Can this skill identify expression injection?

Yes, it maps expressions like ${{ github.event... }} in run steps to determine if they can be controlled by an attacker via PR titles, branch names, or comments to execute arbitrary commands.

How does this skill help with remediation?

For every high-confidence finding, the skill provides a concrete exploitation scenario, an impact analysis, and a specific code fix to secure the workflow.

Does this skill report all security issues?

No, it specifically focuses on HIGH and MEDIUM confidence vulnerabilities exploitable by external attackers without write access, intentionally filtering out theoretical or low-impact noise.

What is a 'Pwn Request' in GitHub Actions?

A 'Pwn Request' is a vulnerability where a workflow triggered by pull_request_target checks out and executes code from an untrusted fork, allowing attackers to potentially steal repository secrets or gain write access.

GitHub Actions Security Reviewer

Name: GitHub Actions Security Reviewer
Author: sickn33

bysickn33

•

31,722

•

Security & Testing

Audits GitHub Actions workflows for exploitable vulnerabilities using real-world attack patterns and concrete exploitation scenarios.

This skill transforms Claude into a specialized security auditor for GitHub Actions, focusing exclusively on exploitable vulnerabilities from the perspective of an external attacker. It moves beyond generic CI/CD theory by requiring a full attack path trace—including entry points, payloads, and impact—before reporting a finding. It is designed to identify critical risks like pull_request_target misuse, expression injection in run blocks, and credential escalation, ensuring that developers receive high-confidence, actionable security feedback rather than theoretical noise.

Key Features

01Detailed reporting including entry point, payload, impact, and PoC sketches

02Automated detection of pull_request_target and issue_comment vulnerabilities

03Threat modeling focused specifically on external, unauthorized attackers

0431,722 GitHub stars

05Verification of safe patterns to minimize false positives in CI/CD audits

06Identification of shell expression injections within workflow run blocks

Use Cases

01Performing a security audit on a public repository's CI/CD pipeline

02Hardening GitHub Actions workflows against 'Pwn Request' style attacks

03Validating that workflow changes don't introduce new injection vectors

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sickn33/antigravity-awesome-skills gha-security-review

For use in Claude.ai and ChatGPT

Key Features

01Detailed reporting including entry point, payload, impact, and PoC sketches

02Automated detection of pull_request_target and issue_comment vulnerabilities

03Threat modeling focused specifically on external, unauthorized attackers

0431,722 GitHub stars

05Verification of safe patterns to minimize false positives in CI/CD audits

06Identification of shell expression injections within workflow run blocks

Use Cases

01Performing a security audit on a public repository's CI/CD pipeline

02Hardening GitHub Actions workflows against 'Pwn Request' style attacks

03Validating that workflow changes don't introduce new injection vectors

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sickn33/antigravity-awesome-skills gha-security-review

For use in Claude.ai and ChatGPT