Why does this skill block service account JSON keys?

JSON keys are long-lived credentials that pose a significant security risk if leaked. This skill enforces Workload Identity Federation (WIF) to provide a more secure, keyless authentication method for GitHub Actions.

How does it handle security scanning?

The skill provides workflow templates that integrate industry-standard tools like TruffleHog for secret detection and Trivy for vulnerability scanning, ensuring checks occur before deployment.

Does this work for non-Vertex AI GCP deployments?

Yes, while it contains specialized logic for Vertex AI Agent Engine, the core WIF, OIDC, and IAM validation rules are applicable to any secure Google Cloud deployment pipeline.

What specific Vertex AI settings does it validate?

It validates Model Armor (protection against prompt injection), VPC service controls, Code Execution sandbox TTL (7-14 days), memory bank indexing, and auto-scaling instance counts.

GitHub Actions Validator for GCP

Name: GitHub Actions Validator for GCP
Author: BbgnsurfTech

byBbgnsurfTech

•

Deployment & DevOps

Validates and enforces security best practices for GitHub Actions workflows targeting Vertex AI and Google Cloud deployments.

The gh-actions-validator skill is a specialized tool for developers and DevOps engineers designed to ensure secure, production-ready CI/CD pipelines on Google Cloud Platform. It strictly mandates the use of Workload Identity Federation (WIF) to eliminate insecure JSON service account keys, enforces OIDC permissions, and audits IAM roles for least-privilege compliance. Beyond basic syntax, it performs deep validation of Vertex AI Agent Engine configurations—checking Model Armor, VPC settings, and auto-scaling—and integrates pre-deployment security scanning to prevent secret leaks and infrastructure vulnerabilities.

Key Features

01Post-deployment health checks and monitoring setup

02OIDC and IAM least privilege permission auditing

03Mandatory Workload Identity Federation (WIF) enforcement

043 GitHub stars

05Automated Vertex AI Agent Engine configuration validation

06Integrated security scanning for secrets and vulnerabilities

Use Cases

01Migrating from legacy JSON service account keys to secure OIDC-based WIF authentication

02Automating production-grade CI/CD pipelines for Vertex AI Agent Engine deployments

03Enforcing organizational security standards across all GCP-targeted GitHub workflows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection gh-actions-validator

For use in Claude.ai and ChatGPT

Download Skill