SKILL·CEE64C

agentic-actions-auditor

trailofbits
Updated 1 month ago
9 views
5,950
521
5,950
View on GitHub
Developmentaiautomation

About

This skill audits GitHub Actions workflows for security vulnerabilities in AI agent integrations like Claude Code Action and OpenAI Codex. It detects attack vectors where attacker-controlled input reaches AI agents in CI/CD pipelines, including expression injection and dangerous configurations. Use it when reviewing workflow files that invoke AI coding agents or auditing CI/CD pipeline security for prompt injection risks.

Quick Install

Claude Code

Recommended
Primary
npx skills add trailofbits/skills -a claude-code
Plugin CommandAlternative
/plugin add https://github.com/trailofbits/skills
Git CloneAlternative
git clone https://github.com/trailofbits/skills.git ~/.claude/skills/agentic-actions-auditor

Copy and paste this command in Claude Code to install this skill

GitHub Repository

trailofbits/skills
Path: plugins/agentic-actions-auditor/skills/agentic-actions-auditor
0
agent-skills
FAQ

Frequently asked questions

What is the agentic-actions-auditor skill?

agentic-actions-auditor is a Claude Skill by trailofbits. Skills package instructions and resources that Claude loads on demand, so Claude can perform agentic-actions-auditor-related tasks without extra prompting.

How do I install agentic-actions-auditor?

Use the install commands on this page: add agentic-actions-auditor to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.

What category does agentic-actions-auditor belong to?

agentic-actions-auditor is in the Development category, tagged ai and automation.

Is agentic-actions-auditor free to use?

Yes. agentic-actions-auditor is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.

Related Skills

qmd
Development

qmd is a local search and indexing CLI tool that enables developers to index and search through local files using hybrid search combining BM25, vector embeddings, and reranking. It supports both command-line usage and MCP (Model Context Protocol) mode for integration with Claude. The tool uses Ollama for embeddings and stores indexes locally, making it ideal for searching documentation or codebases directly from the terminal.

View skill
subagent-driven-development
Development

This skill executes implementation plans by dispatching a fresh subagent for each independent task, with code review between tasks. It enables fast iteration while maintaining quality gates through this review process. Use it when working on mostly independent tasks within the same session to ensure continuous progress with built-in quality checks.

View skill
mcporter
Development

The mcporter skill enables developers to manage and call Model Context Protocol (MCP) servers directly from Claude. It provides commands to list available servers, call their tools with arguments, and handle authentication and daemon lifecycle. Use this skill for integrating and testing MCP server functionality in your development workflow.

View skill
adk-deployment-specialist
Development

This skill deploys and orchestrates Vertex AI ADK agents using A2A protocol, managing AgentCard discovery, task submission, and supporting tools like Code Execution Sandbox and Memory Bank. It enables building multi-agent systems with sequential, parallel, or loop orchestration patterns in Python, Java, or Go. Use it when asked to deploy ADK agents or orchestrate agent workflows on Google Cloud.

View skill