github-workflow-automation
Automates GitHub workflows using AI for PR reviews, issue triage, and CI/CD integration, enhancing development efficiency.
Security score
The github-workflow-automation skill was audited on Feb 28, 2026 and we found 33 security issues across 2 threat categories, including 6 critical. Review the findings below before installing.
Security Issues
Direct command execution function call
| Line | Code |
| --- | --- |
| 562 | const commitInfo = await exec(`git show ${commitHash} --stat`); |
| 565 | const targetDiff = await exec( |
| 583 | await exec( |
| 586 | const result = await exec(`git cherry-pick ${commitHash}`, { |
| 599 | await exec(`git checkout ${targetBranch}`); |
| 600 | await exec(`git cherry-pick ${commitHash}`); |
Template literal with variable interpolation in command context
| Line | Code |
| --- | --- |
| 29 | ```yaml |
| 77 | content: `Review this PR diff and provide feedback: |
| 90 | Format as GitHub markdown.` |
| 150 | ```yaml |
| 215 | labels.push(`area: ${analysis.area}`); |
| 311 | ```yaml |
| 412 | const prompt = ` |
| 424 | `; |
| 450 | ```yaml |
| 493 | "text": "*Rollback executed*\n• Version: `${{ steps.stable.outputs.version }}`\n• Reason: ${{ inputs.reason }}\n• Triggered by: ${{ github.actor }}" |
| 506 | ```yaml |
| 562 | const commitInfo = await exec(`git show ${commitHash} --stat`); |
| 566 | `git diff ${targetBranch}...HEAD -- ${affectedFiles}` |
| 570 | const analysis = await ai.analyze(` |
| 584 | `git checkout -b cherry-pick-${commitHash.slice(0, 7)} ${targetBranch}` |
| 586 | const result = await exec(`git cherry-pick ${commitHash}`, { |
| 599 | await exec(`git checkout ${targetBranch}`); |
| 600 | await exec(`git cherry-pick ${commitHash}`); |
| 643 | const branches = `${{ steps.stale.outputs.branches }}`.split('\n').filter(Boolean); |
| 645 | const body = `## 🧹 Stale Branch Cleanup |
| 672 | ```yaml |
| 715 | const response = await ai.chat(` |
| 721 | `); |
Access to .env file
| Line | Code |
| --- | --- |
| 70 | const client = new Anthropic({ apiKey: process.env.ANTHROPIC_API_KEY }); |
| 415 | ${process.env.CHANGES} |
| 716 | Context: ${process.env.CONTEXT} |
| 718 | Question: ${process.env.QUESTION} |