developer
Provides comprehensive guidelines for organizing and validating code in GitHub Agentic Workflows, enhancing development efficiency.
Security score
The developer skill was audited on Feb 27, 2026 and we found 11 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.
Security Issues
| Issue | Line | Flagged text |
|---|---|---|
| Template literal with variable interpolation in command context | 635 | GitHub Actions expressions (`${{ }}`) are evaluated before workflow execution. If untrusted data (issue titles, PR bodies, comments) flows into these expressions, attackers can inject malicious code. |
| Template literal with variable interpolation in command context | 639 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 658 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 679 | `` ```mermaid `` |
| Template literal with variable interpolation in command context | 707 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 774 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 923 | - [ ] No untrusted input in `${{ }}` expressions |
| Curl to non-GitHub URL | 824 | curl -s https://api.github.com/repos/actions/checkout/git/refs/tags/v4.1.1 |
| External URL reference | 824 | curl -s https://api.github.com/repos/actions/checkout/git/refs/tags/v4.1.1 |
| External URL reference | 1020 | > To add this workflow in your repository, run `gh aw add owner/repo/path@ref`. See [usage guide](https://github.github.com/gh-aw/setup/cli/). |
| External URL reference | 1841 | - **Semantic Versioning**: https://semver.org/ |