agentic-actions-auditor

SKILL.md

Static security analysis for GitHub Actions workflows invoking AI coding agents.

Detects nine attack vectors where attacker-controlled input reaches AI agents in CI/CD pipelines, including env var intermediaries, direct expression injection, CLI data fetches, dangerous sandbox configs, and wildcard user allowlists

Scans .github/workflows/ for Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference steps; resolves one level of composite actions and reusable workflows

Captures security context from step configuration (with: blocks), workflow triggers, environment variables, and permissions to trace data flow from GitHub event context to AI prompts

Produces structured findings reports with severity judgment, YAML evidence, annotated data flow traces, and action-specific remediation guidance

Agentic Actions Auditor

Static security analysis guidance for GitHub Actions workflows that invoke AI coding agents. This skill teaches you how to discover workflow files locally or from remote GitHub repositories, identify AI action steps, follow cross-file references to composite actions and reusable workflows that may contain hidden AI agents, capture security-relevant configuration, and detect attack vectors where attacker-controlled input reaches an AI agent running in a CI/CD pipeline.

When to Use

Auditing a repository's GitHub Actions workflows for AI agent security

Reviewing CI/CD configurations that invoke Claude Code Action, Gemini CLI, or OpenAI Codex

Checking whether attacker-controlled input can reach AI agent prompts

Evaluating agentic action configurations (sandbox settings, tool permissions, user allowlists)

Assessing trigger events that expose workflows to external input (pull_request_target, issue_comment, etc.)

Investigating data flow from GitHub event context through env: blocks to AI prompt fields

When NOT to Use