Mayur Rathi
@sickn33
⭐ 39.1k GitHub stars

gha-security-review

gha-security-review is a code-oriented AI skill whose core purpose is to find exploitable vulnerabilities in GitHub Actions workflows. It is meant to help developers with practical problems in the code domain: working more efficiently, automating repetitive tasks, and improving workflows.

Last verified on: 2026-05-30
mkdir -p ./skills/gha-security-review && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/gha-security-review/SKILL.md -o ./skills/gha-security-review/SKILL.md

Run in a terminal. The command shown is the Unix form and requires curl; it will not run as written in Windows PowerShell 5, where curl is an alias for Invoke-WebRequest and && is not supported (PowerShell 5+ is required on Windows). The file is fetched from the unpinned main branch of the repository, so inspect the downloaded SKILL.md before loading it into an assistant.

Skill Content

Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete exploitation scenario — if you can't build the attack, don't report it.

🎯 Best For

  • Engineering teams doing code reviews
  • Open source maintainers
  • Security auditors
  • DevSecOps teams
  • Compliance officers

💡 Use Cases

  • Reviewing pull requests for security vulnerabilities
  • Checking code style consistency
  • Auditing dependencies for known CVEs
  • Scanning API endpoints for auth gaps

📖 How to Use This Skill

  1. Install the Skill

     Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. Load into Your AI Assistant

     Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. Apply gha-security-review to Your Work

     Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. Review and Refine

     Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Does this skill check for OWASP Top 10?

Security-focused review skills often include OWASP checks. Check the skill content for specific vulnerability categories covered.

Can this replace a dedicated SAST tool?

AI-based security review is complementary to SAST tools. Use it as a first-pass filter, not a replacement.

Is gha-security-review compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for gha-security-review?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

⚠️ Common Mistakes to Avoid

Blindly accepting AI suggestions

Always verify AI-generated review comments. Some suggestions may not apply to your specific codebase conventions.

Only scanning surface-level issues

Deep security review requires understanding your app architecture, not just regex patterns.

Skipping validation

Always test AI-generated code changes, even for simple refactors.