The Agent Skills Directory

[SAFE]: The skill is purely educational and provides standard patterns for GitHub Actions configuration. It promotes security best practices such as pinning action versions to SHAs, using the permissions block for least privilege, and utilizing OIDC instead of long-lived credentials.
[EXTERNAL_DOWNLOADS]: The documentation references well-known and trusted GitHub Actions from official organizations, including actions/checkout, actions/setup-node, aws-actions/configure-aws-credentials, and docker/build-push-action. These are industry-standard tools.
[COMMAND_EXECUTION]: The provided YAML snippets include standard build and deployment commands (e.g., npm ci, npm run build, deploy --env production). These are appropriate for the skill's context and do not involve suspicious execution patterns.
[DATA_EXFILTRATION]: No patterns of data exfiltration were detected. The skill correctly demonstrates how to handle sensitive information using GitHub Secrets and environment-scoped protection rules.
[PROMPT_INJECTION]: The instructions focus entirely on providing technical guidance for GitHub Actions and do not contain any attempts to override agent behavior or bypass safety filters.

github-actions-workflows