
agentic-actions-auditor

Static security analysis for GitHub Actions workflows invoking AI coding agents.


Install command
npx skills add https://github.com/trailofbits/skills --skill agentic-actions-auditor
SkillJury does not have enough approved reviews to publish a community verdict yet. Source metadata and repository proof are still available above.
SkillJury Signal Summary

As of Apr 30, 2026, agentic-actions-auditor has 2 weekly installs and 0 community reviews on SkillJury. Community votes currently stand at 0 upvotes and 0 downvotes. Source: trailofbits/skills. Canonical URL: https://skills.sh/trailofbits/skills/agentic-actions-auditor.

Security audits
Gen Agent Trust Hub: PASS
Socket: WARN
Snyk: FAIL
About this skill
Static security analysis guidance for GitHub Actions workflows that invoke AI coding agents. This skill teaches you how to discover workflow files locally or from remote GitHub repositories, identify AI action steps, follow cross-file references to composite actions and reusable workflows that may contain hidden AI agents, capture security-relevant configuration, and detect attack vectors where attacker-controlled input reaches an AI agent running in a CI/CD pipeline.

When auditing agentic actions, reject these common rationalizations. Each represents a reasoning shortcut that leads to missed findings.

1. "It only runs on PRs from maintainers." Wrong because it ignores pull_request_target, issue_comment, and other trigger events that expose actions to external input. Attackers do not need write access to trigger these workflows.
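The detection the skill describes, as an added example in Python that is not the skill's own code. It takes a workflow in the form yaml.safe_load returns (the two sample workflows are constructed inline so it runs offline, and the agent action name example-org/ai-agent-action is hypothetical), checks whether the workflow is reachable through pull_request_target, issue_comment or similar externally triggerable events, picks out steps whose uses: target looks like an AI agent (a substring heuristic, which is an assumption), reports the github.event fields an outsider writes that flow into those steps' inputs, and lists local composite-action references that a full audit would follow into the referenced file.

```python
"""Added example (not the trailofbits skill's own code): flag workflow steps
where attacker-controlled GitHub event data can reach an AI coding agent.

Input is the dict that yaml.safe_load() returns for a workflow file; the
sample workflows at the bottom are constructed inline so the script runs
without PyYAML or network access."""
import re

# Triggers that run with the base repository's permissions and secrets on
# events anyone can create: a fork pull request, an issue, a comment.
RISKY_TRIGGERS = {
    "pull_request_target", "issue_comment", "issues", "discussion",
    "discussion_comment", "pull_request_review_comment",
}

# Event fields written by whoever opened the PR / issue / comment.
UNTRUSTED_CONTEXT = re.compile(
    r"\$\{\{[^}]*github\.event\."
    r"(?:pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|issue\.(?:title|body)|comment\.body|review\.body"
    r"|discussion\.(?:title|body))[^}]*\}\}"
)

# Assumption: an AI agent step is recognised by one of these substrings in
# its `uses:` target. A real audit also resolves the action and inspects it.
AI_ACTION_HINTS = ("claude", "codex", "gemini", "copilot", "openai", "ai-agent")


def triggers(workflow):
    """Return the set of trigger event names. PyYAML parses an unquoted
    `on:` key as the boolean True, so both spellings are accepted."""
    on = workflow.get("on", workflow.get(True))
    if isinstance(on, str):
        return {on}
    if isinstance(on, (list, dict)):
        return set(on)
    return set()


def is_ai_step(step):
    uses = str(step.get("uses", "")).lower()
    return any(hint in uses for hint in AI_ACTION_HINTS)


def untrusted_refs(step):
    """Every untrusted github.event expression in the step's inputs, env and
    run script, i.e. everything the agent could end up reading as a prompt."""
    texts = [str(step.get("run", ""))]
    for section in ("with", "env"):
        texts.extend(str(v) for v in (step.get(section) or {}).values())
    return sorted({m.group(0) for t in texts for m in UNTRUSTED_CONTEXT.finditer(t)})


def audit(workflow):
    """Findings: AI agent steps fed untrusted input under a risky trigger, plus
    local composite-action / reusable-workflow references that must be followed
    because they may hide an agent of their own."""
    findings = []
    risky = triggers(workflow) & RISKY_TRIGGERS
    for job_name, job in (workflow.get("jobs") or {}).items():
        if str(job.get("uses", "")).startswith("./"):
            findings.append({"job": job_name, "kind": "follow-reference",
                             "target": job["uses"]})
        for idx, step in enumerate(job.get("steps") or []):
            uses = str(step.get("uses", ""))
            if uses.startswith("./"):
                findings.append({"job": job_name, "step": idx,
                                 "kind": "follow-reference", "target": uses})
            if not is_ai_step(step):
                continue
            refs = untrusted_refs(step)
            if risky and refs:
                findings.append({"job": job_name, "step": idx,
                                 "kind": "untrusted-input-to-agent",
                                 "triggers": sorted(risky), "inputs": refs})
    return findings


# Constructed sample: a comment on any issue or PR drives the agent's prompt.
VULNERABLE_WORKFLOW = {
    "name": "ai-fix",
    "on": {"issue_comment": {"types": ["created"]}},
    "permissions": {"contents": "write", "pull-requests": "write"},
    "jobs": {"agent": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4"},
        {"uses": "example-org/ai-agent-action@v1",  # hypothetical action name
         "with": {"prompt": "Address this request: ${{ github.event.comment.body }}",
                  "api_key": "${{ secrets.AI_API_KEY }}"}},
        {"uses": "./.github/actions/post-results"},  # composite action to follow
    ]}},
}

# Constructed sample: same agent, but only reachable by a push, which already
# requires write access, and with no event data in the prompt.
SAFE_WORKFLOW = {
    "name": "ai-review",
    "on": ["push"],
    "jobs": {"agent": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4"},
        {"uses": "example-org/ai-agent-action@v1",
         "with": {"prompt": "Review the latest commit on this branch"}},
    ]}},
}

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("safe", SAFE_WORKFLOW)):
        print(name, audit(wf))
```

The trigger gate is deliberate: the same prompt expression under a plain pull_request trigger still runs on fork PRs, but without secrets and with a read-only token, so the page's privileged triggers are what turn prompt injection into repository compromise. A follow-reference finding is a to-do, not a verdict; the referenced composite action or reusable workflow has to be loaded and put through the same audit before the workflow can be cleared.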


FAQ
What does agentic-actions-auditor do?

Static security analysis for GitHub Actions workflows invoking AI coding agents.

Is agentic-actions-auditor good?

agentic-actions-auditor does not have approved reviews yet, so SkillJury cannot publish a community verdict.

Which AI agents support agentic-actions-auditor?

agentic-actions-auditor currently lists compatibility with Claude Code, Codex, Gemini CLI, Skills CLI.

Is agentic-actions-auditor safe to install?

agentic-actions-auditor has been scanned by security audit providers tracked on SkillJury. Check the security audits section on this page for detailed results from Socket.dev and Snyk.

What are alternatives to agentic-actions-auditor?

Skills in the same category include grimoire-morpho-blue, conversation-memory, second-brain-ingest, zai-tts.

How do I install agentic-actions-auditor?

Run the following command to install agentic-actions-auditor: npx skills add https://github.com/trailofbits/skills --skill agentic-actions-auditor
