explainx.ainewsletter3.4k
securing-github-actions-workflows

securing-github-actions-workflows

mukul975/Anthropic-Cybersecurity-Skills · updated May 25, 2026

MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.

$npx skills install mukul975/Anthropic-Cybersecurity-Skills/securing-github-actions-workflows
0 commentsdiscussion
summary

This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege escalation. It addresses pinning actions to SHA digests, minimizing GITHUB_TOKEN permissions, protecting secrets from exfiltration, preventing script injection in workflow expressions, and implementing required reviewers for workflow changes.

skill.md
name
securing-github-actions-workflows
description
'This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege escalation. It addresses pinning actions to SHA digests, minimizing GITHUB_TOKEN permissions, protecting secrets from exfiltration, preventing script injection in workflow expressions, and implementing required reviewers for workflow changes. '
domain
cybersecurity
subdomain
devsecops
tags
- devsecops - cicd - github-actions - supply-chain - workflow-security - secure-sdlc
version
1.0.0
author
mahipal
license
Apache-2.0
nist_csf
- PR.PS-01 - GV.SC-07 - ID.IM-04 - PR.PS-04

Securing GitHub Actions Workflows

When to Use

  • When GitHub Actions is the CI/CD platform and workflows need hardening against supply chain attacks
  • When workflows handle secrets, deploy to production, or have elevated permissions
  • When preventing script injection via untrusted PR titles, branch names, or commit messages
  • When requiring audit trails and approval gates for workflow modifications
  • When third-party actions pose supply chain risk through mutable version tags

Do not use for securing other CI/CD platforms (see platform-specific hardening guides), for application vulnerability scanning (use SAST/DAST), or for secret detection in code (use Gitleaks).

Prerequisites

  • GitHub repository with GitHub Actions enabled
  • GitHub organization admin access for organization-level settings
  • Understanding of GitHub Actions workflow syntax and events

Workflow

Step 1: Pin Actions to SHA Digests

# INSECURE: Mutable tag can be overwritten by attacker
- uses: actions/checkout@v4

# SECURE: Pinned to immutable SHA digest
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1

# Use Dependabot to auto-update pinned SHAs
# .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    commit-message:
      prefix: "ci"

Step 2: Minimize GITHUB_TOKEN Permissions

# Set restrictive default permissions at workflow level
name: CI Pipeline
permissions: {}  # Start with no permissions

on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read  # Only what's needed
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

  deploy:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/main'
    permissions:
      contents: read
      deployments: write
      id-token: write  # For OIDC-based cloud auth
    steps:
      - name: Deploy
        run: echo "deploying"

Step 3: Prevent Script Injection

# VULNERABLE: User-controlled input in run step
- run: echo "PR title is ${{ github.event.pull_request.title }}"

# SECURE: Use environment variable (properly escaped by shell)
- name: Process PR
  env:
    PR_TITLE: ${{ github.event.pull_request.title }}
    PR_BODY: ${{ github.event.pull_request.body }}
  run: |
    echo "PR title is ${PR_TITLE}"
    echo "PR body is ${PR_BODY}"

# SECURE: Use actions/github-script for complex operations
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
  with:
    script: |
      const title = context.payload.pull_request.title;
      console.log(`PR title: ${title}`);

Step 4: Secure Fork Pull Request Handling

# DANGEROUS: pull_request_target runs with base repo permissions
# on: pull_request_target  # AVOID unless absolutely necessary

# SAFE: pull_request runs in fork context with limited permissions
on:
  pull_request:
    branches: [main]

# If pull_request_target is required, never checkout PR code:
on:
  pull_request_target:
    types: [labeled]

jobs:
  safe-job:
    if: contains(github.event.pull_request.labels.*.name, 'safe-to-test')
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # NEVER do: actions/checkout with ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        # This checks out the BASE branch, not the PR

Step 5: Protect Secrets and Environment Variables

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production  # Requires approval
    steps:
      - name: Deploy with secret
        env:
          # Secrets are masked in logs automatically
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
        run: |
          # Never echo secrets
          # echo "$DEPLOY_KEY"  # BAD
          deploy-tool --key-file <(echo "$DEPLOY_KEY")

      - name: Audit secret access
        run: |
          # Log that secret was used without exposing it
          echo "::notice::Deploy key accessed for production deployment"

Step 6: Implement Workflow Change Controls

# Require CODEOWNERS approval for workflow changes
# .github/CODEOWNERS
.github/workflows/ @security-team @platform-team
.github/actions/ @security-team @platform-team

# Organization settings:
# 1. Settings > Actions > General > Fork PR policies
#    - Require approval for first-time contributors
#    - Require approval for all outside collaborators
# 2. Settings > Actions > General > Workflow permissions
#    - Read repository contents and packages permissions
#    - Do NOT allow GitHub Actions to create and approve PRs

Key Concepts

TermDefinition
SHA PinningReferencing GitHub Actions by their immutable commit SHA instead of mutable version tags
Script InjectionAttack where untrusted input (PR title, branch name) is interpolated into shell commands
GITHUB_TOKENAutomatically generated token with configurable permissions scoped to the current repository
pull_request_targetDangerous event trigger that runs in the base repo context with full permissions on fork PRs
Environment ProtectionGitHub feature requiring manual approval before jobs accessing an environment can run
CODEOWNERSFile defining required reviewers for specific paths including workflow files
OIDC FederationUsing GitHub's OIDC token to authenticate to cloud providers without storing long-lived credentials

Tools & Systems

  • Dependabot: Automated dependency updater that keeps pinned action SHAs current
  • StepSecurity Harden Runner: GitHub Action that monitors and restricts outbound network calls from workflows
  • actionlint: Linter for GitHub Actions workflow files that detects security issues
  • allstar: GitHub App by OpenSSF that enforces security policies on repositories
  • scorecard: OpenSSF tool that evaluates supply chain security practices including CI/CD

Common Scenarios

Scenario: Preventing Supply Chain Attack via Compromised Third-Party Action

Context: A widely-used GitHub Action is compromised and its v3 tag is updated to include credential-stealing code. Repositories using @v3 automatically pull the malicious version.

Approach:

  1. Pin all actions to SHA digests immediately across all repositories
  2. Configure Dependabot for github-actions ecosystem to manage SHA updates
  3. Restrict GITHUB_TOKEN permissions so even compromised actions have minimal access
  4. Add StepSecurity harden-runner to detect anomalous outbound network calls
  5. Review all third-party actions and replace unnecessary ones with inline scripts
  6. Require CODEOWNERS approval for any changes to .github/workflows/

Pitfalls: SHA pinning without Dependabot means missing legitimate security updates to actions. Overly restrictive permissions can break legitimate workflows. Using pull_request_target for label-based gating still exposes secrets if the workflow checks out PR code.

Output Format

GitHub Actions Security Audit
================================
Repository: org/web-application
Date: 2026-02-23

WORKFLOW ANALYSIS:
  Total workflows: 8
  Total action references: 34

SHA PINNING:
  [FAIL] 12/34 actions use mutable tags instead of SHA digests
  - .github/workflows/ci.yml: actions/setup-node@v4
  - .github/workflows/deploy.yml: aws-actions/configure-aws-credentials@v4

PERMISSIONS:
  [FAIL] 3/8 workflows have no explicit permissions (inherit default)
  [WARN] 1/8 workflows request write-all permissions

SCRIPT INJECTION:
  [FAIL] 2 workflow steps interpolate user input directly
  - .github/workflows/pr-check.yml:23: ${{ github.event.pull_request.title }}

SECRETS:
  [PASS] No secrets exposed in workflow logs
  [PASS] All production deployments use environment protection

SCORE: 6/10 (Remediate 5 HIGH findings)
how to use securing-github-actions-workflows

How to use securing-github-actions-workflows on Cursor

AI-first code editor with Composer

1

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

  • Cursor installed and configured on your development machine
  • Node.js version 16.0+ with npm package manager (verify with node --version)
  • Active project directory or workspace where you want to add securing-github-actions-workflows
2

Execute installation command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills install mukul975/Anthropic-Cybersecurity-Skills/securing-github-actions-workflows

The skills CLI fetches securing-github-actions-workflows from GitHub repository mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.

3

Select Cursor when prompted

The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:

◆ Which agents do you want to install to?
│ ── Universal (.agents/skills) ── always included ────
│ • Amp
│ • Antigravity
│ • Cline
│ • Codex
│ ●Cursor(selected)
│ • Cursor
│ • Windsurf
4

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/securing-github-actions-workflows

Reload or restart Cursor to activate securing-github-actions-workflows. Access the skill through slash commands (e.g., /securing-github-actions-workflows) or your agent's skill management interface.

Security & Verification Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.

Additional Resources

View source code on GitHubSkills CLI documentationLearn more about CursorWhat are agent skills?

List & Monetize Your Skill

Submit your Claude Code skill and start earning

GET_STARTED →

Use Cases

Task Automation & Efficiency

Automate repetitive workflows and reduce manual effort

Example

Generate reports, summarize documents, draft communications

Save 3-5 hours per week on routine tasks

Knowledge Enhancement

Learn new skills, understand complex topics, get expert guidance

Example

Explain concepts, provide examples, suggest learning resources

Accelerate learning and skill development by 2x

Quality Improvement

Enhance output quality through reviews, suggestions, and refinements

Example

Review drafts, suggest improvements, catch errors

Improve work quality by 30-40% with less effort

Implementation Guide

Prerequisites

  • Claude Desktop or compatible AI client with skill support
  • Clear understanding of task or problem to solve
  • Willingness to iterate and refine outputs

Time Estimate

15-45 minutes depending on use case complexity

Installation Steps

  1. 1.Install skill using provided installation command
  2. 2.Test with simple use case relevant to your work
  3. 3.Evaluate output quality and relevance
  4. 4.Iterate on prompts to improve results
  5. 5.Integrate into regular workflow if valuable

Common Pitfalls

  • Expecting perfect results without iteration
  • Not providing enough context in prompts
  • Using skill for tasks outside its intended scope
  • Accepting outputs without review and validation

Best Practices

✓ Do

  • +Start with clear, specific prompts
  • +Provide relevant context and constraints
  • +Review and refine all outputs before using
  • +Iterate to improve output quality
  • +Document successful prompt patterns

✗ Don't

  • Don't use without understanding skill limitations
  • Don't skip validation of outputs
  • Don't share sensitive information in prompts
  • Don't expect skill to replace human judgment

💡 Pro Tips

  • Be specific about desired format and style
  • Ask for multiple options to choose from
  • Request explanations to understand reasoning
  • Combine AI efficiency with human expertise

When to Use This

✓ Use When

Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.

✗ Avoid When

Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.

Learning Path

  1. 1Familiarize yourself with skill capabilities and limitations
  2. 2Start with low-risk, non-critical tasks
  3. 3Progress to more complex and valuable use cases
  4. 4Build expertise through regular use and experimentation

Discussion

Product Hunt–style comments (not star reviews)
  • No comments yet — start the thread.
general reviews

Ratings

4.837 reviews
  • Ishan Khanna· Dec 20, 2024

    I recommend securing-github-actions-workflows for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

  • Neel Torres· Dec 20, 2024

    Keeps context tight: securing-github-actions-workflows is the kind of skill you can hand to a new teammate without a long onboarding doc.

  • Chaitanya Patil· Dec 8, 2024

    We added securing-github-actions-workflows from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.

  • Piyush G· Nov 27, 2024

    securing-github-actions-workflows reduced setup friction for our internal harness; good balance of opinion and flexibility.

  • Rahul Santra· Nov 19, 2024

    securing-github-actions-workflows fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.

  • Lucas Robinson· Nov 11, 2024

    Useful defaults in securing-github-actions-workflows — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

  • Sakura Gonzalez· Nov 11, 2024

    securing-github-actions-workflows is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Shikha Mishra· Oct 18, 2024

    securing-github-actions-workflows is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Pratham Ware· Oct 10, 2024

    securing-github-actions-workflows has been reliable in day-to-day use. Documentation quality is above average for community skills.

  • Isabella Garcia· Oct 2, 2024

    Registry listing for securing-github-actions-workflows matched our evaluation — installs cleanly and behaves as described in the markdown.

showing 1-10 of 37

1 / 4