{"id":"acd6d263-d795-4f07-8270-f1f1a3940520","shortId":"dPYpMN","kind":"skill","title":"Audit GitHub Actions for privilege and supply-chain risks with zizmor","tagline":"Run a focused security pass on GitHub Actions workflows before merge so token misuse, dangerous permissions, and unpinned actions are caught early.","description":"# Audit GitHub Actions for privilege and supply-chain risks with zizmor\n\nRun a focused security pass on GitHub Actions workflows before merge so token misuse, dangerous permissions, and unpinned actions are caught early.\n\n## Prerequisites\n\nPython 3.9+ or prebuilt zizmor binary, access to the target repository\n\n## Installation\n\nBasic usage or getting-started notes:\n- [detailed usage recipes].\n- [detailed usage recipes]: https://docs.zizmor.sh/usage/\n\n- Source: https://github.com/zizmorcore/zizmor\n- Extracted from upstream docs: https://raw.githubusercontent.com/zizmorcore/zizmor/HEAD/README.md\n\n## Documentation\n\n- https://woodruffw.github.io/zizmor/\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor/)","tags":["audit","github","actions","for","privilege","and","supply","chain","risks","with","zizmor","skills"],"capabilities":["skill","source-agentskillexchange","skill-audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (803 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:29.967Z","embedding":null,"createdAt":"2026-05-18T13:15:14.877Z","updatedAt":"2026-05-18T19:09:29.967Z","lastSeenAt":"2026-05-18T19:09:29.967Z","tsv":"'/skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor/)':119 '/usage/':97 '/zizmor/':112 '/zizmorcore/zizmor':101 '/zizmorcore/zizmor/head/readme.md':108 '3.9':71 'access':76 'action':3,20,31,37,54,65 'agent':114 'agentskillexchange.com':118 'agentskillexchange.com/skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor/)':117 'audit':1,35 'basic':82 'binari':75 'caught':33,67 'chain':9,43 'danger':27,61 'detail':89,92 'doc':105 'docs.zizmor.sh':96 'docs.zizmor.sh/usage/':95 'document':109 'earli':34,68 'exchang':116 'extract':102 'focus':15,49 'get':86 'getting-start':85 'github':2,19,36,53 'github.com':100 'github.com/zizmorcore/zizmor':99 'instal':81 'merg':23,57 'misus':26,60 'note':88 'pass':17,51 'permiss':28,62 'prebuilt':73 'prerequisit':69 'privileg':5,39 'python':70 'raw.githubusercontent.com':107 'raw.githubusercontent.com/zizmorcore/zizmor/head/readme.md':106 'recip':91,94 'repositori':80 'risk':10,44 'run':13,47 'secur':16,50 'skill':115 'skill-audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor' 'sourc':98,113 'source-agentskillexchange' 'start':87 'suppli':8,42 'supply-chain':7,41 'target':79 'token':25,59 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-awesome-list' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-llm' 'topic-mcp' 'topic-npx-skills' 'topic-openclaw' 'topic-skills-catalog' 'unpin':30,64 'upstream':104 'usag':83,90,93 'woodruffw.github.io':111 'woodruffw.github.io/zizmor/':110 'workflow':21,55 'zizmor':12,46,74","prices":[{"id":"669a11eb-cbe9-4375-bb50-dee64e4379cd","listingId":"acd6d263-d795-4f07-8270-f1f1a3940520","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:15:14.877Z"}],"sources":[{"listingId":"acd6d263-d795-4f07-8270-f1f1a3940520","source":"github","sourceId":"agentskillexchange/skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor","isPrimary":false,"firstSeenAt":"2026-05-18T13:15:14.877Z","lastSeenAt":"2026-05-18T19:09:29.967Z"}],"details":{"listingId":"acd6d263-d795-4f07-8270-f1f1a3940520","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"8dd7795e4d0555bdeb439ee3e40369aa2a4c0b46","skill_md_path":"skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Audit GitHub Actions for privilege and supply-chain risks with zizmor","description":"Run a focused security pass on GitHub Actions workflows before merge so token misuse, dangerous permissions, and unpinned actions are caught early."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/audit-github-actions-for-privilege-and-supply-chain-risks-with-zizmor"},"updatedAt":"2026-05-18T19:09:29.967Z"}}