github-actions
Audited by Socket on Mar 8, 2026
1 alert found:
Obfuscated File
The skill description presents a benign tool focused on GitHub Actions workflow creation and auditing, with explicit workflows for SHA pinning, permissions, concurrency, and language-specific considerations. There are no executable download/install patterns, no credential handling beyond using existing GitHub session credentials, and no suspicious data flows or third-party exfiltration indicators. The footprint is proportionate to a CI/CD workflow management helper. Some risk notes exist around dependency on the gh CLI and environment assumptions, but these are standard for GitHub automation tools. Overall, this is a Benign assessment with low security risk, barring environment-specific misconfigurations.