GitHub Actions Security Review

Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete exploitation scenario — if you can't build the attack, don't report it.

This skill encodes attack patterns from real GitHub Actions exploits — not generic CI/CD theory.

When to Use

• You are reviewing GitHub Actions workflows for exploitable security issues.
• The task requires tracing a concrete attack path from an external attacker to workflow execution or secret exposure.
• You need a security review of workflow files, composite actions, or workflow-related scripts with evidence-based findings only.

Scope

Review the workflows provided (file, diff, or repo). Research the codebase as needed to trace complete attack paths before reporting.