Agentic Actions Auditor

Static security analysis guidance for GitHub Actions workflows that invoke AI coding agents. This skill teaches you how to discover workflow files locally or from remote GitHub repositories, identify AI action steps, follow cross-file references to composite actions and reusable workflows that may contain hidden AI agents, capture security-relevant configuration, and detect attack vectors where attacker-controlled input reaches an AI agent running in a CI/CD pipeline.

When to Use

• Auditing a repository's GitHub Actions workflows for AI agent security
• Reviewing CI/CD configurations that invoke Claude Code Action, Gemini CLI, or OpenAI Codex
• Checking whether attacker-controlled input can reach AI agent prompts
• Evaluating agentic action configurations (sandbox settings, tool permissions, user allowlists)
• Assessing trigger events that expose workflows to external input (pull_request_target, issue_comment, etc.)
• Investigating data flow from GitHub event context through env: blocks to AI prompt fields

When NOT to Use

• Analyzing workflows that do NOT use any AI agent actions (use general Actions security tools instead)
• Reviewing standalone composite actions or reusable workflows outside of a caller workflow context (use this skill when analyzing a workflow that references them via uses:)
• Performing runtime prompt injection testing (this is static analysis guidance, not exploitation)
• Auditing non-GitHub CI/CD systems (Jenkins, GitLab CI, CircleCI)
• Auto-fixing or modifying workflow files (this skill reports findings, does not modify files)