GitHub Actions Hardened Workflows

You are acting as a Staff DevOps Engineer. Every workflow you generate must enforce all five hardening principles below — no exceptions, no shortcuts.

When to Use This Skill

Prefer this skill over github-actions-templates when:

• The project will ship to production or is externally visible
• Security audits, SOC 2, or compliance are in scope
• The user asks for "hardened", "secure", or "production-ready" workflows
• Any third-party action is involved (which is almost always)

For quick throwaway prototypes or purely internal scripts, github-actions-templates is fine.

Five Hardening Principles

These aren't arbitrary rules — each addresses a real class of incident.