action-remediate

SKILL.md

Rules

  • No mutating API calls without confirmation. gh api GET requests are allowed freely. Any call using -X POST, -X PUT, -X PATCH, or -X DELETE must be shown to the user and approved before execution. Note that gh api switches its default method from GET to POST as soon as -f/-F fields are supplied, so a call with fields needs an explicit -X GET to stay read-only; treat any call without -X GET and with fields as mutating.
  • Never force-push, delete branches, or delete repositories.
  • Only modify files under .github/. Do not touch application code, scripts, or configuration outside of workflow files.
  • Show a diff and get confirmation before every commit.
  • All PRs must be created as drafts.
  • Flag uncertainty. If a finding is ambiguous or a fix could break a workflow, stop and ask rather than guessing.

Step 1: Confirm Audit Findings

Before proceeding, verify that the user has audit findings to act on. These should come from a prior run of the action-audit skill. Confirm:

  • Which repos to remediate (all, a subset, or specific ones)
  • The remediation approach:
    • pin to main — for internal bitwarden/ actions: change the ref to @main
    • pin update — for external actions: update to a verified 40-character SHA with an inline version comment
    • replace — swap to a different action entirely
  • The target SHA, replacement action, or confirmation that @main is the fix
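The pin update step above, as an added shell example that is not part of the skill or of bitwarden/ai-plugins. It assumes the 40-character SHA has already been verified against the upstream tag by a separate read-only lookup; the function names pin_action and list_unpinned, and the workflow content used in the demo, are hypothetical. pin_action refuses anything that is not a lowercase 40-hex SHA, rewrites only the requested action's ref, and keeps the tag name as the inline version comment; list_unpinned is the check to run afterwards and, following the rules above, does not flag internal bitwarden/ actions at @main.

```shell
#!/usr/bin/env sh
# Added example (not the skill's own code): rewrite one external action's ref to a
# verified commit SHA with an inline version comment, then list what is still unpinned.
# Assumption: the SHA was verified separately (read-only gh api / git lookup) before use.
set -eu

# pin_action FILE ACTION SHA VERSION
#   FILE     workflow file under .github/workflows/
#   ACTION   owner/repo of the external action, e.g. actions/checkout
#   SHA      verified 40-character lowercase hex commit SHA
#   VERSION  tag to keep as the inline comment, e.g. v4.2.2
# Exit status: 0 rewritten, 1 malformed SHA, 2 ACTION not used in FILE.
# Subpath actions (owner/repo/path@ref) are not matched and are left untouched.
pin_action() {
  file=$1; action=$2; sha=$3; version=$4
  case "$sha" in
    "" | *[!0-9a-f]*) echo "refusing: '$sha' is not lowercase hex" >&2; return 1 ;;
  esac
  [ "${#sha}" -eq 40 ] || { echo "refusing: SHA length ${#sha} != 40" >&2; return 1; }
  grep -q "uses: *$action@" "$file" || { echo "no uses of $action in $file" >&2; return 2; }
  tmp=$(mktemp)
  # Replace the ref and any stale trailing comment; keep indentation and the action name.
  sed -E "s|(uses: *)$action@[^[:space:]#]+[[:space:]]*(#.*)?$|\1$action@$sha # $version|" \
    "$file" > "$tmp"
  mv "$tmp" "$file"
}

# list_unpinned FILE: print uses: refs that are not a 40-hex SHA, excluding local ./ actions
# and internal bitwarden/ actions pinned to @main (accepted by the rules above).
list_unpinned() {
  grep -oE 'uses: *[^[:space:]#]+' "$1" | sed -E 's/^uses: *//' \
    | grep -vE '^\./' | grep -vE '^bitwarden/.*@main$' | grep -vE '@[0-9a-f]{40}$' || true
}

# Usage: pin_action .github/workflows/ci.yml actions/checkout <sha> v4.2.2
# Only runs when invoked with four arguments; show the resulting diff before committing.
if [ "$#" -eq 4 ]; then
  pin_action "$@"
  echo "still unpinned:"; list_unpinned "$1"
fi
```

Run it on a copy, then review `git diff` before any commit, as the rules require; the script never touches files outside the path it is given.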
First seen: Apr 17, 2026
action-remediate — bitwarden/ai-plugins