Skip to main content
Execute qualquer Skill no Manus
com um clique

secure-github-actions

Estrelas447
Forks407
Atualizado26 de maio de 2026 às 09:08

Secure GitHub Actions workflows against supply-chain, privilege, and shell-injection risks. Use when creating, scaffolding, editing, or reviewing `.github/workflows/*.yml`, reusable workflows, `action.yml`, or Dependabot config for GitHub Actions. Also use for full repository security audits ("audit my workflows", "harden this repo", "security scan", "pin actions to SHA"), secrets scanning with gitleaks and trufflehog, and pre-public-release security reviews. Enforce full 40-character commit SHA pinning, avoid `pull_request_target` on untrusted code, pass GitHub context into `run:` steps via `env:`, and set least-privilege permissions.

Instalação

Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.

Explorador de arquivos
5 arquivos
SKILL.md
readonly