github-actions-creator
Facilitates the creation and management of GitHub Actions workflows for CI/CD, testing, deployment, and automation tasks.
Install this skill
Security score
The github-actions-creator skill was audited on Feb 28, 2026 and we found 11 security issues across 2 threat categories, including 3 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 64 | ```yaml |
Template literal with variable interpolation in command context
| 176 | 3. **Never echo secrets:** Secrets are masked but avoid `echo ${{ secrets.X }}` |
Template literal with variable interpolation in command context
| 179 | 6. **Avoid script injection:** Never use `${{ github.event.*.body }}` directly in `run:` — pass via environment variables |
Template literal with variable interpolation in command context
| 180 | 7. **Use GITHUB_TOKEN:** Prefer `${{ secrets.GITHUB_TOKEN }}` over PATs when possible |
Template literal with variable interpolation in command context
| 183 | ```yaml |
Template literal with variable interpolation in command context
| 220 | ```yaml |
Template literal with variable interpolation in command context
| 250 | ```yaml |
Access to hidden dotfiles in home directory
| 224 | ~/.cargo/bin/ |
Access to hidden dotfiles in home directory
| 225 | ~/.cargo/registry/index/ |
Access to hidden dotfiles in home directory
| 226 | ~/.cargo/registry/cache/ |
Access to .env file
| 39 | - `.env.example` → environment variables needed |