deploy-hf
vmain
io.github.Vincentqyw/image-matching-webui/deploy-hf
Release a new imcui version and deploy to HuggingFace Spaces (test → prod). Invoke when user asks to release, deploy, or ship a new version.
io.github.github/awesome-copilot/github-actions-hardening · vmain
Security hardening reviewer for GitHub Actions workflow files (.github/workflows/*.yml). Reasons about the Actions threat model that pattern matchers and general code linters miss — untrusted-input script injection, privileged triggers running fork code, mutable action references, and over-scoped tokens. Use this skill when asked to review, audit, harden, or secure a GitHub Actions workflow, when writing a new workflow, or for any request like "is this workflow safe?", "review my CI for security issues", "why is pull_request_target dangerous here?", "pin my actions", or "lock down GITHUB_TOKEN permissions". Covers script injection via ${{ }} interpolation, pull_request_target / workflow_run privilege escalation, SHA-pinning of third-party actions, least-privilege permissions, GITHUB_ENV/GITHUB_OUTPUT injection, secret exposure, OIDC over long-lived credentials, and self-hosted runner exposure on public repositories.
热度数据
github-actions-hardening 是一个Agent Skill,收录自 SkillsMP。本页提供 Cursor、Claude Code 等客户端的安装配置片段。
Agent Skill 是带 SKILL.md 的指令包。安装后,AI 会根据 description 在匹配任务时自动加载,无需每次手动粘贴提示词。
选择你的平台查看安装方式
选择安装方式
# 改 -a 切换客户端:cursor | claude-code | codex | github-copilot
npx skills add github/awesome-copilot@github-actions-hardening -a cursor -y安装完成后,在对话中直接描述你的任务(或提及技能名称)。Agent 会先读取 SKILL.md 的 description 判断是否启用,再按其中的步骤执行。可用 /skills(Claude Code)或在设置中查看已加载的 Skills。
vmain
io.github.Vincentqyw/image-matching-webui/deploy-hf
Release a new imcui version and deploy to HuggingFace Spaces (test → prod). Invoke when user asks to release, deploy, or ship a new version.
vmain
io.github.kenn-io/agentsview/testing-without-tautologies
Use when creating, editing, fixing, or reviewing tests; when adding mocks, fakes, assertions, unit tests, PG integration tests, frontend component tests, or Playwright e2e tests; or when changing tests after failures.
vmain
io.github.Dynatrace/dynatrace-for-ai/dt-obs-kubernetes
Kubernetes cluster, pod, node, and workload monitoring. Use when analyzing K8s health, resource optimization, pod failures, OOMKills, scheduling, or security posture. Also use for Kubernetes operational events like pod restarts, OOM events, evictions, and cluster event history. Trigger: "Kubernetes pods", "K8s cluster health", "OOMKill", "pod restarts", "container CPU", "namespace resource usage", "over-provisioned pods", "privileged containers", "pod placement", "K8s node capacity", "running containers by cluster", "workload scheduling", "pod evictions", "K8s labels and annotations", "kubernetes events", "pod restart events", "OOM events", "K8s event history". Do NOT use for explaining existing queries, product documentation questions, AWS-specific resource queries, service-level RED metrics, distributed tracing, or log analysis — use the relevant skill instead.
vmaster
io.github.hitobito/hitobito/refactoring
Use when restructuring internal code in hitobito without changing external functionality — for future extensibility, performance, or maintainability.
vmain
io.github.uphiago/recon-skills/docker-privesc
Escape Docker containers to host root via 5 techniques.
vmaster
io.github.Raishin/vanguard-frontier-agentic/css-architecture-design-system-review
Review CSS for specificity and cascade-layer discipline, design-token (custom-property) conformance, and responsive strategy correctness (container queries vs. media queries), catching specificity wars, hardcoded-value token drift, and non-reflowing layouts that fail WCAG 1.4.10/1.4.4 before they compound into unmaintainable stylesheets.
{
"id": "io.github.github/awesome-copilot/github-actions-hardening",
"type": "skill",
"version": "main",
"displayName": "github-actions-hardening",
"description": "Security hardening reviewer for GitHub Actions workflow files (.github/workflows/*.yml). Reasons about the Actions threat model that pattern matchers and general code linters miss — untrusted-input script injection, privileged triggers running fork code, mutable action references, and over-scoped tokens. Use this skill when asked to review, audit, harden, or secure a GitHub Actions workflow, when writing a new workflow, or for any request like \"is this workflow safe?\", \"review my CI for security issues\", \"why is pull_request_target dangerous here?\", \"pin my actions\", or \"lock down GITHUB_TOKEN permissions\". Covers script injection via ${{ }} interpolation, pull_request_target / workflow_run privilege escalation, SHA-pinning of third-party actions, least-privilege permissions, GITHUB_ENV/GITHUB_OUTPUT injection, secret exposure, OIDC over long-lived credentials, and self-hosted runner exposure on public repositories.",
"author": {
"name": "github",
"url": "https://github.com/github"
},
"repository": {
"url": "https://github.com/github/awesome-copilot",
"source": "github",
"subfolder": "skills/github-actions-hardening"
},
"homepage": "https://skillsmp.com/creators/github/awesome-copilot/skills-github-actions-hardening",
"distribution": {
"packages": [
{
"registryType": "source",
"identifier": "github/awesome-copilot@github-actions-hardening",
"version": "main",
"runtimeHint": "npx skills add"
}
],
"remotes": []
},
"dependencies": [],
"installTargets": [
"claude-code",
"claude-desktop",
"cursor",
"codex",
"vscode"
],
"keywords": [
"repo_stars:36011"
],
"provenance": {
"origin": "skillsmp",
"originalId": "github-awesome-copilot-skills-github-actions-hardening-skill-md",
"originalUrl": "https://skillsmp.com/creators/github/awesome-copilot/skills-github-actions-hardening",
"isOfficial": false,
"status": "active"
}
}