Skip to main content
Jeden Skill in Manus ausführen
mit einem Klick

secure-github-actions

Sterne447
Forks407
Aktualisiert26. Mai 2026 um 09:08

Secure GitHub Actions workflows against supply-chain, privilege, and shell-injection risks. Use when creating, scaffolding, editing, or reviewing `.github/workflows/*.yml`, reusable workflows, `action.yml`, or Dependabot config for GitHub Actions. Also use for full repository security audits ("audit my workflows", "harden this repo", "security scan", "pin actions to SHA"), secrets scanning with gitleaks and trufflehog, and pre-public-release security reviews. Enforce full 40-character commit SHA pinning, avoid `pull_request_target` on untrusted code, pass GitHub context into `run:` steps via `env:`, and set least-privilege permissions.

Installation

Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.

Datei-Explorer
5 Dateien
SKILL.md
readonly