Skip to main content
Run any Skill in Manus
with one click

secure-github-actions

Stars447
Forks407
UpdatedMay 26, 2026 at 09:08

Secure GitHub Actions workflows against supply-chain, privilege, and shell-injection risks. Use when creating, scaffolding, editing, or reviewing `.github/workflows/*.yml`, reusable workflows, `action.yml`, or Dependabot config for GitHub Actions. Also use for full repository security audits ("audit my workflows", "harden this repo", "security scan", "pin actions to SHA"), secrets scanning with gitleaks and trufflehog, and pre-public-release security reviews. Enforce full 40-character commit SHA pinning, avoid `pull_request_target` on untrusted code, pass GitHub context into `run:` steps via `env:`, and set least-privilege permissions.

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

File Explorer
5 files
SKILL.md
readonly