github-actions-runtime-upgrade-conventions
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill promotes security hardening by recommending that GitHub Actions be pinned to full commit SHAs. This practice prevents supply-chain attacks in which a mutable tag (like @v4) is redirected to malicious code.
- [SAFE]: The skill focuses on the maintenance of official GitHub Actions within the 'actions' organization, which are trusted first-party resources.
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, credential harvesting, or unauthorized network activity were detected in the instructions.
Audit Metadata