{"id":"7386f762-6928-4996-9d6b-b51f077ddfd3","shortId":"n5Qasc","kind":"skill","title":"Audit GitHub Actions workflows for insecure permissions and unpinned actions","tagline":"This ASE skill uses zizmor to audit GitHub Actions workflows and composite actions for security mistakes before they ship. An agent can scan local repos or remote GitHub repositories, flag risky permission scopes and unsafe workflow patterns, and return plain output, GitHub-nativ","description":"# Audit GitHub Actions workflows for insecure permissions and unpinned actions\n\nThis ASE skill uses zizmor to audit GitHub Actions workflows and composite actions for security mistakes before they ship. An agent can scan local repos or remote GitHub repositories, flag risky permission scopes and unsafe workflow patterns, and return plain output, GitHub-native findings, or SARIF for follow-up automation.\n\n## Prerequisites\n\nGitHub Actions workflow files or a GitHub repository, with a GitHub token only when auditing remote or private repos\n\n## Installation\n\nBasic usage or getting-started notes:\n- [detailed usage recipes](https://docs.zizmor.sh/usage/)\n\n- Source: https://github.com/zizmorcore/zizmor\n- Extracted from upstream docs: https://raw.githubusercontent.com/zizmorcore/zizmor/HEAD/README.md\n\n## Documentation\n\n- https://docs.zizmor.sh/\n\n## Source\n\n- [Agent Skill 
Exchange](https://agentskillexchange.com/skills/audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions/)","tags":["audit","github","actions","workflows","for","insecure","permissions","and","unpinned","skills","agentskillexchange","agent-skills"],"capabilities":["skill","source-agentskillexchange","skill-audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,030 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:30.081Z","embedding":null,"createdAt":"2026-05-18T13:15:15.024Z","updatedAt":"2026-05-18T19:09:30.081Z","lastSeenAt":"2026-05-18T19:09:30.081Z","prices":[{"id":"45c835d9-0b8c-41d6-87d4-329cbfc24815","listingId":"7386f762-6928-4996-9d6b-b51f077ddfd3","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:15:15.024Z"}],"sources":[{"listingId":"7386f762-6928-4996-9d6b-b51f077ddfd3","source":"github","sourceId":"agentskillexchange/skills/audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions","isPrimary":false,"firstSeenAt":"2026-05-18T13:15:15.024Z","lastSeenAt":"2026-05-18T19:09:30.081Z"}],"details":{"listingId":"7386f762-6928-4996-9d6b-b51f077ddfd3","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and 
more.","skill_md_sha":"383966be54af2033737a6a5101f56786d144eefb","skill_md_path":"skills/audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Audit GitHub Actions workflows for insecure permissions and unpinned actions","description":"This ASE skill uses zizmor to audit GitHub Actions workflows and composite actions for security mistakes before they ship. An agent can scan local repos or remote GitHub repositories, flag risky permission scopes and unsafe workflow patterns, and return plain output, GitHub-native findings, or SARIF for follow-up automation."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/audit-github-actions-workflows-for-insecure-permissions-and-unpinned-actions"},"updatedAt":"2026-05-18T19:09:30.081Z"}}