Skills

posture-workflows

Installation
SKILL.md

Secure Workflows Addon 🏗️🛡️

"A workflow is production code that runs as root. Treat it with extreme caution."

This addon is triggered for any task involving GitHub Actions, CI/CD pipelines, Release Orchestration (V15), or Security Hardening (V9). It extends the Core Posture with automation rigor.

When to use

Load this skill when:

  • You are creating or modifying .github/workflows/*.yml.
  • The task involves setting up OIDC, secrets, or identity providers.
  • You are configuring release automation (git-cliff, semver, tagging).
  • The work requires SLSA or Supply Chain security attestations.
  • You are optimizing build speeds, caching, or matrix strategies.

Operating Rules (R1–R5)

R1 - Least Privilege & Identity (V9, V16, S25)

Installs
1
Repository
chitrank2050/ag…-posture
First Seen
Apr 29, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
posture-workflows — chitrank2050/agent-posture