메뉴
Resolves GitHub Action tags/versions (e.g., @v4) to their full 40-character commit SHAs for security pinning.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | github-action-sha-resolver |
| description | Resolves GitHub Action tags/versions (e.g., @v4) to their full 40-character commit SHAs for security pinning. |
| allowed-tools | mcp_github-mcp_list_tags, mcp_github-mcp_get_tag |
This skill provides a secure workflow to identify the exact commit SHA associated with a specific version of a GitHub Action.
| Tool | Purpose |
|---|---|
mcp_github-mcp_list_tags | Lists all tags for a given repository |
mcp_github-mcp_get_tag | Retrieves detailed information about a specific tag |
When a user asks for the SHA of an action version (e.g., actions/checkout@v4):
Repository Identification:
actions) and repo (checkout).Tag Retrieval:
mcp_github-mcp_list_tags to list available tags for the repository.v4).SHA Extraction:
commit.sha from the tag object in the list response.v4 and v4.1.1), ask the user for clarification before providing a SHA.User: "Give me the SHA for actions/setup-node@v3" Agent Action:
mcp_github-mcp_list_tags(owner="actions", repo="setup-node", perPage=100).v3.051d54f3a8c27888bd22a30b9f6d6309277c7315.actions/setup-node@v3 is 051d54f3a8c27888bd22a30b9f6d6309277c7315."Provides guidance on securing the Nuget supply chain, including best practices for verifying package integrity, understanding dependencies, and mitigating risks associated with third-party packages. Use this skill when you want to ensure the security and reliability of the Nuget packages you use in your projects.
Describes how to get usage instructions adding or implementing a Nuget package in a project, including viewing best practices and examples from the package's README file. Use this skill when you need to understand how to use a Nuget package effectively in your projects.
Provides guidance on securing the Nuget supply chain, including best practices for verifying package integrity, understanding dependencies, and mitigating risks associated with third-party packages. Use this skill when you want to ensure the security and reliability of the Nuget packages you use in your projects.
Create, update, and manage GitHub issues using MCP tools. Use this skill when users want to create bug reports, feature requests, or task issues, update existing issues, add labels/assignees/milestones, or manage issue workflows. Triggers on requests like "create an issue", "file a bug", "request a feature", "update issue X", or any GitHub issue management task.
Manage NuGet packages in .NET projects/solutions. Use this skill when adding, removing, or updating NuGet package versions. It enforces using `dotnet` CLI for package management and provides strict procedures for direct file edits only when updating versions.
Guide for reviewing GitHub Actions for security vulnerabilities.