Agentic Actions Auditor
Skill Verified ActiveAudits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations.
To empower security professionals and developers to audit GitHub Actions workflows for AI agent security vulnerabilities, ensuring CI/CD pipelines are protected against prompt injection and other attack vectors.
Features
- Detects prompt injection via direct expressions, env vars, and CLI fetches.
- Identifies dangerous sandbox configurations and wildcard user allowlists.
- Analyzes cross-file references for hidden AI agents.
- Provides detailed remediation guidance for each attack vector.
- Supports both local and remote repository analysis.
Use Cases
- Auditing a repository's GitHub Actions workflows for AI agent security.
- Reviewing CI/CD configurations that invoke AI coding agents.
- Evaluating agentic action configurations for security risks.
- Assessing trigger events that expose workflows to external input.
Non-Goals
- Performing runtime prompt injection testing.
- Auto-fixing or modifying workflow files.
- Auditing non-GitHub CI/CD systems.
- Reviewing standalone composite actions outside of a caller workflow context.
Workflow
- Determine analysis mode (local or remote).
- Discover GitHub Actions workflow files.
- Identify AI action steps using `uses:` references.
- Capture security context (trigger events, env vars, permissions).
- Analyze for specific attack vectors (env var intermediary, direct injection, etc.).
- Report findings with detailed evidence, data flow, and remediation.
Practices
- Security Auditing
- CI/CD Security
- Prompt Injection Detection
- Static Analysis
Prerequisites
- GitHub CLI (`gh`) installed and authenticated
- Access to the GitHub repository being audited
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills/plugin install agentic-actions-auditor@trailofbitsQuality Score
VerifiedTrust Signals
Similar Extensions
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Secrets Management
100Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Ci Cd Pipeline Builder
100CI/CD Pipeline Builder
Prompt Guard
100Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, <1% FPR. Fast (<2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.
Github Workflow Automation
99Advanced GitHub Actions workflow automation with AI swarm coordination, intelligent CI/CD pipelines, and comprehensive repository management
TradeMemory Protocol
100Domain knowledge for the Evolution Engine — LLM-powered autonomous strategy discovery from raw OHLCV data. Covers the generate-backtest-select-evolve loop, vectorized backtesting, out-of-sample validation, and strategy graduation. Use when discovering trading patterns, running backtests, evolving strategies, or reviewing evolution logs. Triggers on "evolve", "discover patterns", "backtest", "evolution", "strategy generation", "candidate strategy".