agentic-actions-auditor

trailofbits/skills

Installs240

Install command

npx skills add https://github.com/trailofbits/skills --skill agentic-actions-auditor

Security audits

Gen Agent Trust HubPASS

SocketFAIL

SnykFAIL

About this skill

Static security analysis guidance for GitHub Actions workflows that invoke AI coding agents. This skill teaches you how to discover workflow files locally or from remote GitHub repositories, identify AI action steps, follow cross-file references to composite actions and reusable workflows that may contain hidden AI agents, capture security-relevant configuration, and detect attack vectors where attacker-controlled input reaches an AI agent running in a CI/CD pipeline. When auditing agentic actions, reject these common rationalizations. Each represents a reasoning shortcut that leads to missed findings. 1. "It only runs on PRs from maintainers" Wrong because it ignores pull_request_target , issue_comment , and other trigger events that expose actions to external input. Attackers do not need write access to trigger these workflows. A pull_request_target event runs in the context of the base branch, not the PR branch, meaning any external contributor can trigger it by opening a PR.

Source description provided by the upstream skill listing. Community reviews and install context appear in the sections below.

Community Reviews

Latest reviews

No community reviews yet. Be the first to review.

Browse this skill in context

Agents

codex opencode cursor kimi-cli github-copilot claude-code

Source

trailofbits/skills

FAQ

What does agentic-actions-auditor do?

Is agentic-actions-auditor good?

agentic-actions-auditor does not have approved reviews yet, so SkillJury cannot publish a community verdict.

What agent does agentic-actions-auditor work with?

agentic-actions-auditor currently lists compatibility with codex, opencode, cursor, kimi-cli, github-copilot, claude-code.

What are alternatives to agentic-actions-auditor?

Skills in the same category include telegram-bot-builder, flutter-app-size, sharp-edges, iterative-retrieval.

How do I install agentic-actions-auditor?

npx skills add https://github.com/trailofbits/skills --skill agentic-actions-auditor

telegram-bot-builder flutter-app-size sharp-edges iterative-retrieval

Related skills

Alternatives in Software Engineering

telegram-bot-builder

by sickn33/antigravity-awesome-skills

998

Source details, install context, and public review data are available on the full page.

Software EngineeringFrontend and DesignFirst seen Jan 18, 2026

flutter-app-size

by flutter/skills

996

Analyzes and optimizes Flutter application size by measuring build artifacts, generating size analysis reports, utilizing Dart DevTools for component breakdown, and implementing specific size reduction strategies such as debug info splitting, resource compression, and platform-specific tree-shaking. Assumes a...

Software EngineeringFrontend and Design

sharp-edges

by trailofbits/skills

994

Evaluates whether APIs, configurations, and interfaces are resistant to developer misuse. Identifies designs where the "easy path" leads to insecurity.

Software EngineeringFrontend and DesignFirst seen Jan 18, 2026

iterative-retrieval

by affaan-m/everything-claude-code

993

Solves the "context problem" in multi-agent workflows where subagents don't know what context they need until they start working.

Software EngineeringFrontend and DesignFirst seen Jan 25, 2026

agentic-actions-auditor

Latest reviews

Categories

Agents

Source

More from trailofbits/skills

sharp-edges

property-based-testing

codeql

audit-context-building

Alternatives in Software Engineering

telegram-bot-builder

flutter-app-size

sharp-edges

iterative-retrieval