writing-github-actions

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): In examples/composite-setup/action.yml, the input variable install-command is directly interpolated into a bash shell script and executed (${{ inputs.install-command }}). This pattern allows for arbitrary command execution if the input is derived from untrusted sources, such as pull request metadata or external triggers.
  • CREDENTIALS_UNSAFE (LOW): The workflow example in examples/monorepo-workflow.yml contains hardcoded database credentials (POSTGRES_PASSWORD: postgres) and a connection string. While intended for local service containers in a CI environment, hardcoding secrets is a security anti-pattern.
  • COMMAND_EXECUTION (MEDIUM): The script scripts/validate-workflow.sh interpolates the $WORKFLOW_FILE variable directly into a Python command string (python3 -c "...open('$WORKFLOW_FILE')..."). A maliciously crafted filename could lead to command injection when the validation script is executed.
  • REMOTE_CODE_EXECUTION (MEDIUM): Several examples and references promote the use of third-party GitHub Actions from non-trusted organizations (e.g., aquasecurity/trivy-action, gitleaks/gitleaks-action, anchore/sbom-action) using mutable tags like @master or @v2 instead of immutable commit SHAs, which increases the risk of supply chain attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:08 PM