github-workflow-best-practices
Pass
Audited by Socket on Feb 21, 2026
Checks
Malicious behaviorInjection, exfiltration, untrusted installs
Security concernsCredential exposure, tool/trust exploitation
Code obfuscationHidden or obfuscated code
Suspicious patternsReconnaissance, excessive autonomy, resource use
Audit Metadata