GitHub Actions Security Review Capability Pack Skill
Expert GitHub Actions security review capability pack applying documented workflow hardening, GITHUB_TOKEN least privilege, secrets handling, and fork PR safety checks from official GitHub Actions security documentation.
Open the source and read safety notes before installing.
Safety notes
- Workflow changes can exfiltrate secrets on fork PRs—review pull_request_target and untrusted checkout patterns.
- Over-broad permissions blocks increase blast radius—default to least privilege per hardening docs.
- Third-party actions are supply-chain dependencies—pin to commit SHA when policy requires.
Privacy notes
- Review summaries may reference secret names but must not echo secret values.
- Redact internal runner labels and self-hosted paths in external tickets.
Prerequisites
- Workflow YAML files or PR diff containing GitHub Actions changes.
- Repository branch protection and environments policy context.
- Security reviewer before applying hardening to default branch.
Schema details
- Install type
- package
- Reading time
- 9 min
- Difficulty score
- 72
- Troubleshooting
- Yes
- Breaking changes
- No
- Scope
- Source repo
- Skill type
- capability-pack
- Skill level
- expert
- Verification
- validated
- Verified at
- 2026-06-16
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
Full copyable content
# Trigger
"Apply the GitHub Actions security review capability pack to these workflows."
# Required output
1) Workflow threat summary
2) permissions and GITHUB_TOKEN findings
3) Secrets and fork PR risks
4) Hardening recommendations with doc citations
5) Privacy-safe review summaryAbout this resource
Knowledge Freshness
Grounded in official GitHub Actions security documentation verified on 2026-06-16.
Retrieval Sources
- https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
- https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions
- https://docs.github.com/en/actions/security-guides/automatic-token-authentication
- https://developers.google.com/search/docs/fundamentals/creating-helpful-content
Source Verification Notes
Verified on 2026-06-16:
- GitHub hardening guide recommends explicit workflow permissions and minimal GITHUB_TOKEN scope.
- Secrets documentation describes storing credentials in GitHub Secrets—not workflow YAML.
- Automatic token authentication docs explain default GITHUB_TOKEN permissions and elevation risks.
- Fork PR workflows require extra scrutiny for untrusted code execution patterns.
- Pinning third-party actions to full commit SHAs reduces supply-chain drift.
Scope Note
Community review workflow applying documented GitHub Actions security steps—not
an official GitHub product. Differs from github-actions-secure-cicd-capability-pack
(JSONbored installable pack) by focusing on pre-merge YAML review matrices tied
to docs.github.com hardening guides.
Core Workflow
- Collect workflow files and triggered events (push, pull_request, schedule).
- Audit top-level and job-level
permissionsagainst least privilege. - Flag secrets in logs, unsafe
pull_request_target, or unpinned third-party actions. - Verify fork PR guards and environment protection rules where used.
- Produce hardening recommendations citing official docs; require human merge approval.
Capability Scope
- Workflow threat summarization.
- GITHUB_TOKEN and permissions review.
- Secrets handling and fork PR risk checks.
- Third-party action pinning recommendations.
- Privacy-safe review report for maintainers.
Production Rules
- Never paste secret values into skill output or public comments.
- Block merge on over-privileged
permissions: write-allwithout justification. - Require SHA-pinned actions when org policy mandates supply-chain controls.
- Escalate suspected secret exfiltration paths to security owners immediately.
Review Matrix
| Signal | Action |
|---|---|
| Missing permissions block | Add least-privilege defaults |
| pull_request_target + checkout PR head | Flag high fork risk |
| Secret echoed in run logs | Block merge; rotate secret |
| Floating @v tag on action | Recommend full SHA pin |
Output Contract
- Workflow threat summary.
- Permissions and token findings.
- Secrets and fork PR risks.
- Hardening recommendations with doc citations.
- Privacy-safe review summary.
Troubleshooting
Issue: Workflow fails after permission tightening Fix: Grant minimal additional scopes per job; avoid global write-all.
Issue: Cannot pin action SHA Fix: Record exception with owner approval and monitor action releases.
Duplicate Check
Related to github-actions-secure-cicd-capability-pack and pull-request-triage-capability-pack
but distinct slug, output contract, and hardening-doc focus for security review invocation.
Editorial Disclosure
Independent entry by kiannidev from public GitHub documentation.
Source citations
Add this badge to your README
Show that GitHub Actions Security Review Capability Pack Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/skills/github-actions-security-review-capability-pack)How it compares
GitHub Actions Security Review Capability Pack Skill side by side with its closest alternative on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | GitHub Actions Security Review Capability Pack Skill Expert GitHub Actions security review capability pack applying documented workflow hardening, GITHUB_TOKEN least privilege, secrets handling, and fork PR safety checks from official GitHub Actions security documentation. Open dossier | Claude Code GitLab CI agent Capability Pack Skill Expert Claude Code GitLab CI agent capability pack for designing, reviewing, and rolling out GitLab CI agent with source-backed checklists, production rules, and privacy-safe output contracts. Open dossier |
|---|---|---|
| Trust | ||
| Install risk | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | skills | skills |
| Source | source-backed | source-backed |
| Author | kiannidev | kiannidev |
| Added | 2026-06-16 | 2026-06-14 |
| Platforms | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI |
| Source repo | — | — |
| Safety notes | ✓Workflow changes can exfiltrate secrets on fork PRs—review pull_request_target and untrusted checkout patterns. Over-broad permissions blocks increase blast radius—default to least privilege per hardening docs. Third-party actions are supply-chain dependencies—pin to commit SHA when policy requires. | ✓This skill plans GitLab CI agent; it must not execute destructive changes without explicit approval. Browser, computer-use, and remote surfaces can access sensitive UI state; scope tests carefully. MCP and SDK integrations may exfiltrate data if tool scopes are too broad. The public `anthropics/claude-code` repository ships documentation links to code.claude.com for settings, security, and integration surfaces. Scheduled or autonomous workflows compound risk; cap blast radius in staging first. |
| Privacy notes | ✓Review summaries may reference secret names but must not echo secret values. Redact internal runner labels and self-hosted paths in external tickets. | ✓Reviews may expose integration tokens, customer metadata, and internal URLs related to GitLab CI agent. Telemetry and analytics configs can include account emails; redact before sharing externally. Keep troubleshooting logs in internal channels unless explicitly sanitized. Third-party vendors remain outside Anthropic retention policies; document separately. |
| Prerequisites |
|
|
| Install | — | — |
| Config | — | — |
| Citations | ||
| Claim | Unclaimed | Unclaimed |
Featured in
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.