GitHub Actions Workflow Security

关于

The Reusable Workflow Security skill equips Claude with specialized knowledge to harden GitHub Actions CI/CD pipelines against common attack vectors. It focuses on mitigating privilege escalation and supply chain risks by guiding developers through the implementation of SHA-pinning for version control, restricting caller repositories, and replacing dangerous 'secrets: inherit' patterns with explicit secret passing. This skill is essential for teams looking to centralize their automation logic without compromising their organization's security posture.

主要功能

• 0 GitHub stars
• Transition patterns from broad secret inheritance to explicit passing
• SHA-pinning for immutable workflow references
• Caller restriction policies to prevent unauthorized workflow execution
• Input validation and sanitization for workflow arguments
• Protection against command injection in CI/CD environments

使用场景

• Auditing existing GitHub Actions for secret exposure risks
• Standardizing secure workflow composition patterns for DevOps teams
• Hardening shared CI/CD libraries across an organization