SecurityAvançado

Agentic Actions Auditor

portrailofbits·trailofbits· v1.0.0 · atualizado em 2026-04-10

Score

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations.

github-actionssecurity-auditci-cd-securityai-agent-securityprompt-injectionstatic-analysisworkflow-security

0Stars

0Forks

0Usos

Fork

Documento do Skill

SKILL.mdagentic-actions-auditor/workflow

1. Determine the analysis mode (local or remote) based on user input.

2. Discover workflow files using glob patterns or GitHub API.

3. Identify AI action steps by matching `uses:` fields against known AI action references.

4. Resolve cross-file references to composite actions and reusable workflows.

5. Capture security-relevant configuration from `with:` blocks, trigger events, env vars, and permissions.

6. Analyze for attack vectors (prompt injection, sandbox misconfigurations, etc.).

7. Report findings, including file path, job name, step name, and vulnerability description.

Telemetria de Agentes

Execuções

total

Taxa de Sucesso

últimos 30d

Latência Média

0.0s

p50

Alucinação

0.0%

detecção

Tokens Entrada

avg 0/exec

Tokens Saída

avg 0/exec

Uso por Plataforma

Skills Relacionados

Similar aWallet Policy Generator

60%

Similar aQuery Token Audit Skill

60%

Similar aSpring Boot Security Review

60%

Árvore do Skill

Agentic Actions Auditor

agentic-actions-auditor

Fases Cognitivas5

1.SENSE

2.CONTEXTUALIZE

3.HYPOTHESIZE

4.EVALUATE

5.RECOMMEND

Triggers8

audit GitHub Actions for AI agent vulnerabilitiesreview CI/CD pipeline security for prompt injection risksevaluate agentic action configurationscheck for attacker-controlled input in AI agent promptsanalyze GitHub workflows for Claude Code Action securityanalyze GitHub workflows for Gemini CLI securityanalyze GitHub workflows for OpenAI Codex securityscan GitHub Actions for AI inference risks

Avaliar este Skill

Score Breakdown

⭐Avaliação Humana0%

🤖Sucesso de Agentes0%

🕐Atualidade100%

🔗Saúde de Dependências100%

🕸️Centralidade no Grafo0%

🛡️Segurança50%

CompositeScore = α·Humano + β·Agente + γ·Recência + δ·Deps + ε·Centralidade + ζ·Segurança

Instalação

$ synaptic mcp download agentic-actions-auditor

$ synaptic skills detail agentic-actions-auditor

$ synaptic skills live agentic-actions-auditor

Links

GitHub Repository