github-actions-hardening
github/awesome-copilot
This skill provides deep security review for GitHub Actions workflow files. It focuses on the unique Actions threat model—identifying vulnerabilities like script injection via ${{ }} interpolation, privilege escalation from triggers (e.g., pull_request_target), and ensuring least-privilege permissions for CI/CD pipelines. Use it to audit, secure, or harden existing workflows, preventing attacks from untrusted inputs and supply chain risks.