Skip to main content
在 Manus 中运行任何 Skill
一键导入

cicd-pipeline-auditor

星标2
分支1
更新时间2026年4月13日 01:23

Audits GitHub Actions CI/CD workflow files for supply chain and pipeline security risks. Use when asked to audit, analyze, scan, or review GitHub Actions workflows, .github/workflows/, CI/CD pipelines, pipeline security, or DevSecOps pipeline hardening. Detects unpinned third-party actions (supply chain attacks like tj-actions CVE-2025-30066), expression injection / script injection, overly permissive permissions, dangerous triggers (pull_request_target, workflow_run PPE), secrets exposure, and self-hosted runner risks. Part of the GRIMSEC DevSecOps agent suite.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

文件资源管理器
4 个文件
SKILL.md
readonly