pin-github-actions
Pin GitHub Actions to Commit SHAs
You are helping the user migrate their GitHub Actions workflows from tag-based references
(e.g., actions/checkout@v4) to commit SHA-pinned references with version comments
(e.g., actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.7).
This prevents supply-chain attacks where a tag can be moved to point to malicious code.
Step 1: Discover Workflows and Current State
- Find all workflow files:
  find .github/workflows -name '*.yml' -o -name '*.yaml'
- Extract all uses: references from each workflow file
- Check for an existing Dependabot configuration at .github/dependabot.yml or .github/dependabot.yaml
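An added example (not part of the original skill) of the Step 1 discovery: it lists each uses: reference, labels it pinned (full 40-character commit SHA), unpinned (tag, branch or short SHA), local or docker, and reports whether a Dependabot file exists. The function names and the sample workflow written by demo are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: Step 1 discovery with a pinned/unpinned label per reference.

# Print "file<TAB>ref" for every `uses:` value under <repo>/.github/workflows.
list_uses() {
  find "$1/.github/workflows" -type f \( -name '*.yml' -o -name '*.yaml' \) 2>/dev/null |
  sort | while IFS= read -r f; do
    # Take the value after "uses:", then drop trailing comment, spaces, quotes.
    sed -n -E 's/^[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*//p' "$f" |
    sed -E "s/[[:space:]]+#.*$//; s/[[:space:]]+$//; s/^[\"']//; s/[\"']$//" |
    while IFS= read -r ref; do printf '%s\t%s\n' "$f" "$ref"; done
  done
}

# Only a full 40-hex commit SHA counts as pinned; tags and branches can move.
classify_ref() {
  case "$1" in
    ./*)        echo local ;;
    docker://*) echo docker ;;
    *@*)
      rev=${1##*@}
      if printf '%s' "$rev" | grep -Eq '^[0-9a-f]{40}$'; then echo pinned
      else echo unpinned; fi ;;
    *)          echo unknown ;;
  esac
}

audit() {
  list_uses "$1" | while IFS="$(printf '\t')" read -r f ref; do
    printf '%s\t%s\t%s\n' "$(classify_ref "$ref")" "$ref" "${f#"$1"/}"
  done
  if [ -f "$1/.github/dependabot.yml" ] || [ -f "$1/.github/dependabot.yaml" ]
  then echo "dependabot: present"; else echo "dependabot: missing"; fi
}

# Constructed sample repository, used when no path is given.
demo() {
  d=$(mktemp -d) && mkdir -p "$d/.github/workflows"
  cat > "$d/.github/workflows/ci.yml" <<'EOF'
steps:
  - uses: actions/checkout@v4
  - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.7
  - uses: ./.github/actions/lint
EOF
  audit "$d"; rm -rf "$d"
}

if [ "$#" -gt 0 ]; then audit "$1"; else demo; fi
```

Run it with a repository path as the only argument to audit that repository; the unpinned lines are the references the migration needs to rewrite.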