continual-learning

Fail

Audited by Socket on Mar 12, 2026

3 alerts found:

Obfuscated File (x2), Anomaly

Obfuscated File (HIGH)
.github/workflows/opencode.yml

The workflow file itself is not overtly malicious, but it creates moderate supply-chain risk: an unpinned third-party action is given repository access, a sensitive secret (OPENCODE_API_KEY) and the id-token: write permission. Together these allow secret or code exfiltration, or OIDC-based credential misuse, if the external action is malicious or becomes compromised. Recommendations: pin the action to a commit SHA or a specific immutable release; remove id-token: write unless the job actually needs it; avoid passing sensitive secrets to untrusted third-party actions (use fine-grained secrets or a proxy service); review and lock the third-party action's source; and add runtime safeguards (for example, restrict network egress on self-hosted runners or allowlist destination domains).

Confidence: 98%
Obfuscated File (HIGH)
SKILL.md

The Continual Learning skill presents a coherent, low-risk capability: it reads session content, extracts actionable non-sensitive information, and updates a local memory file under clearly defined constraints. The data flow is contained (local input -> local file write) with no external dependencies or credential handling. Overall, the footprint aligns with the stated purpose and maintains data privacy expectations. Risk is low to moderate due to potential human error in deduplication or misclassification of what constitutes a 'high-signal' item, but there are no evident security or exfiltration concerns.

Confidence: 98%
Anomaly (LOW)
.github/workflows/release-please.yml

The workflow file itself contains no malicious code. The main risk is a supply-chain/trust issue: it hands a write-capable token and repository write permissions to an external action (googleapis/release-please-action@v4). If that action or its dependencies are compromised, an attacker could use the token to modify repository contents or create malicious PRs/releases. Recommend: verify the external action's integrity (pin to a commit SHA), use a least-privilege token (ideally the job-scoped GITHUB_TOKEN with an explicit permissions block), and restrict secret scopes. Overall, low probability of intentional maliciousness in this file, but a moderate supply-chain security risk due to the privileges granted to an external action.
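The two workflow findings above (opencode.yml and release-please.yml) describe the same pattern: mutable action refs, broad top-level permissions, and secrets handed to third-party code. The following is an added example of the weak pattern beside a hardened form; it is not the package's actual workflow files. The action name example-org/agent-action and its api_key input are hypothetical stand-ins for the unpinned action the report describes, the triggers and the release-type value are assumptions, and every 40-zero SHA is a placeholder to be replaced with the commit you verified for that tag.

```yaml
# Document 1: weak pattern, as described in the findings (illustrative only).
name: agent (weak)
on:
  issue_comment:            # assumed trigger
    types: [created]
permissions:                # granted to every job and step in the file
  contents: write
  pull-requests: write
  id-token: write           # lets any step mint an OIDC token for cloud federation
jobs:
  agent:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4                 # mutable tag: can be re-pointed
      - uses: example-org/agent-action@main       # hypothetical action, mutable branch ref
        with:
          api_key: ${{ secrets.OPENCODE_API_KEY }}   # long-lived secret to unreviewed code
          github_token: ${{ secrets.GITHUB_TOKEN }}
---
# Document 2: hardened form of the same job.
name: agent (hardened)
on:
  issue_comment:            # assumed trigger
    types: [created]
permissions: {}             # nothing by default; each job opts in explicitly
jobs:
  agent:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # only what the step needs; id-token is not granted
      pull-requests: write
    steps:
      # Pinned to a full commit SHA; the trailing comment records the tag it was
      # resolved from so reviewers and update bots can track it. Placeholder SHA.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4
        with:
          persist-credentials: false   # do not leave the token in .git/config for later steps
      - uses: example-org/agent-action@0000000000000000000000000000000000000000 # v1.2.3, placeholder
        with:
          # Still needed by the action, but it now reaches reviewed, immutable code.
          # Prefer a key scoped to this workflow's use over a broad account key.
          api_key: ${{ secrets.OPENCODE_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}   # job-scoped, expires with the run
---
# Document 3: hardened release-please workflow.
name: release-please (hardened)
on:
  push:
    branches: [main]        # assumed
permissions: {}
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write       # create the tag and release
      pull-requests: write  # open and update the release PR
    steps:
      - uses: googleapis/release-please-action@0000000000000000000000000000000000000000 # v4, placeholder
        with:
          token: ${{ secrets.GITHUB_TOKEN }}   # job-scoped token, no long-lived PAT
          release-type: node                   # assumed; match the project's language
```

To resolve a tag to the SHA you actually pin, run `git ls-remote https://github.com/googleapis/release-please-action refs/tags/v4` and read the commit it points at (for an annotated tag, use the `^{}` entry), then compare that value against the repository's own release page before committing it. A quick audit of an existing workflow tree is `grep -rn 'uses:' .github/workflows` and checking that each ref after `@` is a 40-character hex string rather than a tag or branch.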

Confidence: 90%
Severity: 60%
Audit Metadata
Analyzed At
Mar 12, 2026, 05:18 AM
Package URL
pkg:socket/skills-sh/baradghimire%2Fopencode-continual-learning%2Fcontinual-learning%2F@5bd42d34f66fbb5fb63663d077239f1d4255fc4a