skills.homes logoskills.homescapability registry
home/categories/git-workflows/mukul975-anthropic-cybersecurity-skills-skills-securing-github-actions-workflows-skill-md
cd ..
git-workflowsdevops

securing-github-actions-workflows

This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege escalation. It addresses pinning actions to SHA digests, minimizing GITHUB_TOKEN permissions, protecting secrets from exfiltration, preventing script injection in workflow expressions, and implementing required reviewers for workflow changes.

Voir le code sourcegit-workflows
mukul975
maintainer
mukul975
Mis à jour 4/6/2026
Étoiles
4240
Forks
464
quick start

Installation and usage

This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege escalation. It addresses pinning actions to SHA digests, minimizing GITHUB_TOKEN permissions, protecting secrets from exfiltration, preventing script injection in workflow expressions, and implementing required reviewers for workflow changes.

Installation
$ install --globalskills.sh
Utilisation

Après l'installation, vous pouvez utiliser ce skill en exécutant la commande suivante dans votre terminal :

skills use securing-github-actions-workflows