github-actions-script-injection

Official

Audit GitHub Actions for script injection.

Author: securityfortech
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill helps identify and prevent security vulnerabilities in GitHub Actions workflows where attackers can inject arbitrary shell commands by controlling inputs like branch names or PR titles.

Core Features & Use Cases

  • Vulnerability Detection: Scans GitHub Actions workflows for dangerous interpolation of context expressions in run: steps.
  • Exploitation Scenarios: Details how attackers can exfiltrate secrets, poison caches, or achieve full compromise via pull_request_target triggers.
  • Use Case: A security auditor uses this Skill to review a critical CI/CD pipeline, ensuring that user-controlled inputs cannot lead to remote code execution within the workflow environment.
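
A small line-based version of the detection described above, added here as an illustration and not the Skill's own code. The list of attacker-controllable contexts and the names `audit` and `SAMPLE` are assumptions of this example, and the parser handles only simple `run:` layouts.

```python
import re

# Contexts an outside contributor controls (assumed, non-exhaustive list).
UNTRUSTED = re.compile(
    r"github\.(head_ref|event\.pull_request\.head\.(ref|label)"
    r"|event\.(pull_request|issue|comment|review|discussion)\.(title|body))"
)
EXPR = re.compile(r"\$\{\{(.*?)\}\}")
RUN = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")

def audit(workflow_text):
    """Return (line_no, expression) for untrusted contexts expanded in run: steps."""
    findings, run_indent = [], None  # run_indent is set while inside "run: |"
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = RUN.match(line)
        if m:
            body = m.group(3)
            # "run: |" or "run: >" opens a multi-line script, else it is inline
            block = body[:1] in ("|", ">")
            run_indent = len(m.group(1)) + len(m.group(2) or "") if block else None
            script = "" if block else body
        elif run_indent is not None:
            if line.strip() and len(line) - len(line.lstrip()) <= run_indent:
                run_indent = None  # dedent: the script block has ended
                continue
            script = line
        else:
            continue
        for expr in EXPR.findall(script):
            if UNTRUSTED.search(expr):
                findings.append((no, expr.strip()))
    return findings

# Constructed sample workflow: two injectable steps, one safe step using env.
SAMPLE = """\
on: pull_request_target
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - run: echo "PR ${{ github.event.pull_request.title }}"
      - run: |
          git checkout ${{ github.head_ref }}
          echo "sha ${{ github.sha }}"
      - env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "$TITLE"
"""
```

The last step is not flagged because the value reaches the shell as an environment variable instead of being pasted into the script text before the shell parses it.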

Quick Start

Audit the GitHub Actions workflows in the current repository for script injection vulnerabilities.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: github-actions-script-injection
Download link: https://github.com/securityfortech/hacking-skills/archive/main.zip#github-actions-script-injection

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.