Scans your GitHub Actions for places where untrusted input (PR comments, commits, issues) could reach Claude or other AI agents running in your pipeline, which could expose secrets or lead to malicious code execution.
Best for: Engineering leads securing CI/CD pipelines that use AI agents for code review or automation.
Creator's repository · trailofbits/skills
License: CC-BY-SA-4.0