All SkillsGet Started Free
Gha Security Review
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security", "GHA security", "workflow security review", or review .github/workflows/ for pwn requests, expression injection, credential theft, and supply chain attacks. Exploitation-focused with concrete PoC scenarios.
MCP get_skill({ skillId: "gha-security-review-88c4a892" })Use this skill with your agent
Create a free account and connect via MCP
<!-- Attack patterns and real-world examples sourced from the HackerBot Claw campaign analysis by StepSecurity (2025): https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation --> # GitHub Actions Security Review Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete exploitation scenario — if you can't build the attack, don't report it. This skill encodes attack patterns from real GitHub Actions exploits — not generic CI/CD theory. ## Scope Review the workflows provided (file, diff, or repo). Research the codebase as needed to trace complete attack paths before reporting. ### Files to Review - `.github/workflows/*.yml` — all workflow definitions - `action.yml` / `action.yaml` — composite actions in the repo - `.github/actions/*/action.yml` — local reusable actions - Config files loaded by workflows: `CLAUDE.md`, `AGENTS.md`, `Makefile`, shell scripts under `.github/` ### Out of Scope - Workflows in other repositories (only note the dependency) - GitHub App installation permissions (note if relevant) ## Threat Model Only report vulnerabilities exploitable by an **external attacker** — someone **without** write access to the repository. The attacker can open PRs from forks, create issues, and post comments. They cannot push to branches, trigger `workflow_dispatch`, or trigger manual workflows. **Do not flag** vulnerabilities that require write access to exploit: - `workflow_dispatch` input injection — requires write access to trigger - Expression injection in `push`-only workflows on protected branches - `workflow_call` input injection where all callers are internal - Secrets in `workflow_dispatch`/`schedule`-only workflows ## Confidence Report only **HIGH** and **MEDIUM** confidence findings. Do not report theoretical issues. | Confidence | Criteria | Action | |---|---|---| | **HIGH** | Traced the full attack path, confirmed exploitable | Report with exploitation scenario and fix | | **MEDIUM** | Attack path partially confirmed, uncertain link | Report as needs verification | | **LOW** | Theoretical or mitigated elsewhere | Do not report | For each HIGH finding, provide all five elements: 1. **Entry point** — How does the attacker get in? (fork PR, issue comment, branch name, etc.)
#observability#sentry#application#security