[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-57750620-8d82-4ad9-bb79-ee4241995fc6":3,"$fbZa8f9hDlSePA9ft_-Pu5k6b1j0o9DLcsGzg0nUwsKE":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"57750620-8d82-4ad9-bb79-ee4241995fc6","gha-security-review","Find exploitable vulnerabilities in GitHub Actions workflows. Every finding must include a concrete exploitation scenario; if you can't build the attack, don't report it.","cat_life_career","mod_other","sickn33,other","---\nname: gha-security-review\ndescription: \"Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete exploitation scenario — if you can't build the attack, don't report it.\"\nrisk: safe\nsource: community\ndate_added: 2026-03-16\n---\n\n\u003C!--\nAttack patterns and real-world examples sourced from the HackerBot Claw campaign analysis\nby StepSecurity (2025): https:\u002F\u002Fwww.stepsecurity.io\u002Fblog\u002Fhackerbot-claw-github-actions-exploitation\n-->\n\n# GitHub Actions Security Review\n\nFind exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete exploitation scenario — if you can't build the attack, don't report it.\n\nThis skill encodes attack patterns from real GitHub Actions exploits — not generic CI\u002FCD theory.\n\n## When to Use\n- You are reviewing GitHub Actions workflows for exploitable security issues.\n- The task requires tracing a concrete attack path from an external attacker to workflow execution or secret exposure.\n- You need a security review of workflow files, composite actions, or workflow-related scripts with evidence-based findings only.\n\n## Scope\n\nReview the workflows provided (file, diff, or repo). 
Research the codebase as needed to trace complete attack paths before reporting.\n\n### Files to Review\n\n- `.github\u002Fworkflows\u002F*.yml` — all workflow definitions\n- `action.yml` \u002F `action.yaml` — composite actions in the repo\n- `.github\u002Factions\u002F*\u002Faction.yml` — local reusable actions\n- Config files loaded by workflows: `CLAUDE.md`, `AGENTS.md`, `Makefile`, shell scripts under `.github\u002F`\n\n### Out of Scope\n\n- Workflows in other repositories (only note the dependency)\n- GitHub App installation permissions (note if relevant)\n\n## Threat Model\n\nOnly report vulnerabilities exploitable by an **external attacker** — someone **without** write access to the repository. The attacker can open PRs from forks, create issues, and post comments. They cannot push to branches, trigger `workflow_dispatch`, or trigger manual workflows.\n\n**Do not flag** vulnerabilities that require write access to exploit:\n- `workflow_dispatch` input injection — requires write access to trigger\n- Expression injection in `push`-only workflows on protected branches\n- `workflow_call` input injection where all callers are internal\n- Secrets in `workflow_dispatch`\u002F`schedule`-only workflows\n\n## Confidence\n\nReport only **HIGH** and **MEDIUM** confidence findings. Do not report theoretical issues.\n\n| Confidence | Criteria | Action |\n|---|---|---|\n| **HIGH** | Traced the full attack path, confirmed exploitable | Report with exploitation scenario and fix |\n| **MEDIUM** | Attack path partially confirmed, uncertain link | Report as needs verification |\n| **LOW** | Theoretical or mitigated elsewhere | Do not report |\n\nFor each HIGH finding, provide all five elements:\n\n1. **Entry point** — How does the attacker get in? (fork PR, issue comment, branch name, etc.)\n2. **Payload** — What does the attacker send? (actual code\u002FYAML\u002Finput)\n3. **Execution mechanism** — How does the payload run? (expression expansion, checkout + script, etc.)\n4. 
**Impact** — What does the attacker gain? (token theft, code execution, repo write access)\n5. **PoC sketch** — Concrete steps an attacker would follow\n\nIf you cannot construct all five, report as MEDIUM (needs verification).\n\n---\n\n## Step 1: Classify Triggers and Load References\n\nFor each workflow, identify triggers and load the appropriate reference:\n\n| Trigger \u002F Pattern | Load Reference |\n|---|---|\n| `pull_request_target` | `references\u002Fpwn-request.md` |\n| `issue_comment` with command parsing | `references\u002Fcomment-triggered-commands.md` |\n| `${{ }}` in `run:` blocks | `references\u002Fexpression-injection.md` |\n| PATs \u002F deploy keys \u002F elevated credentials | `references\u002Fcredential-escalation.md` |\n| Checkout PR code + config file loading | `references\u002Fai-prompt-injection-via-ci.md` |\n| Third-party actions (especially unpinned) | `references\u002Fsupply-chain.md` |\n| `permissions:` block or secrets usage | `references\u002Fpermissions-and-secrets.md` |\n| Self-hosted runners, cache\u002Fartifact usage | `references\u002Frunner-infrastructure.md` |\n| Any confirmed finding | `references\u002Freal-world-attacks.md` |\n\nLoad references selectively — only what's relevant to the triggers found.\n\n## Step 2: Check for Vulnerability Classes\n\n### Check 1: Pwn Request\n\nDoes the workflow use `pull_request_target` AND check out fork code?\n- Look for `actions\u002Fcheckout` with `ref:` pointing to PR head\n- Look for local actions (`.\u002F.github\u002Factions\u002F`) that would come from the fork\n- Check if any `run:` step executes code from the checked-out PR\n\n### Check 2: Expression Injection\n\nAre `${{ }}` expressions used inside `run:` blocks in externally-triggerable workflows?\n- Map every `${{ }}` expression in every `run:` step\n- Confirm the value is attacker-controlled (PR title, branch name, comment body — not numeric IDs, SHAs, or repository names)\n- Confirm the expression is in a `run:` block, not 
`if:`, `with:`, or job-level `env:`\n\n### Check 3: Unauthorized Command Execution\n\nDoes an `issue_comment`-triggered workflow execute commands without authorization?\n- Is there an `author_association` check?\n- Can any GitHub user trigger the command?\n- Does the command handler also use injectable expressions?\n\n### Check 4: Credential Escalation\n\nAre elevated credentials (PATs, deploy keys) accessible to untrusted code?\n- What's the blast radius of each secret?\n- Could a compromised workflow steal long-lived tokens?\n\n### Check 5: Config File Poisoning\n\nDoes the workflow load configuration from PR-supplied files?\n- AI agent instructions: `CLAUDE.md`, `AGENTS.md`, `.cursorrules`\n- Build configuration: `Makefile`, shell scripts\n\n### Check 6: Supply Chain\n\nAre third-party actions securely pinned?\n\n### Check 7: Permissions and Secrets\n\nAre workflow permissions minimal? Are secrets properly scoped?\n\n### Check 8: Runner Infrastructure\n\nAre self-hosted runners, caches, or artifacts used securely?\n\n## Safe Patterns (Do Not Flag)\n\nBefore reporting, check if the pattern is actually safe:\n\n| Pattern | Why Safe |\n|---|---|\n| `pull_request_target` WITHOUT checkout of fork code | Never executes attacker code |\n| `${{ github.event.pull_request.number }}` in `run:` | Numeric only — not injectable |\n| `${{ github.repository }}` \u002F `github.repository_owner` | Repo owner controls this |\n| `${{ secrets.* }}` | Not an expression injection vector |\n| `${{ }}` in `if:` conditions | Evaluated by Actions runtime, not shell |\n| `${{ }}` in `with:` inputs | Passed as string parameters, not shell-evaluated |\n| Actions pinned to full SHA | Immutable reference |\n| `pull_request` trigger (not `_target`) | Runs in fork context with read-only token |\n| Any expression in `workflow_dispatch`\u002F`schedule`\u002F`push` to protected branches | Requires write access — outside threat model |\n\n**Key distinction:** `${{ }}` is dangerous in `run:` blocks 
(shell expansion) but safe in `if:`, `with:`, and `env:` at the job\u002Fstep level (Actions runtime evaluation).\n\n## Step 3: Validate Before Reporting\n\nBefore including any finding, read the actual workflow YAML and trace the complete attack path:\n\n1. **Read the full workflow** — don't rely on grep output alone\n2. **Trace the trigger** — confirm the event and check `if:` conditions that gate execution\n3. **Trace the expression\u002Fcheckout** — confirm it's in a `run:` block or actually references fork code\n4. **Confirm attacker control** — verify the value maps to something an external attacker sets\n5. **Check existing mitigations** — env var wrapping, author_association checks, restricted permissions, SHA pinning\n\nIf any link is broken, mark MEDIUM (needs verification) or drop the finding.\n\n**If no checks produced a finding, report zero findings. Do not invent issues.**\n\n## Step 4: Report Findings\n\n````markdown\n## GitHub Actions Security Review\n\n### Findings\n\n#### [GHA-001] [Title] (Severity: Critical\u002FHigh\u002FMedium)\n- **Workflow**: `.github\u002Fworkflows\u002Frelease.yml:15`\n- **Trigger**: `pull_request_target`\n- **Confidence**: HIGH — confirmed through attack path tracing\n- **Exploitation Scenario**:\n  1. [Step-by-step attack]\n- **Impact**: [What attacker gains]\n- **Fix**: [Code that fixes the issue]\n\n### Needs Verification\n[MEDIUM confidence items with explanation of what to verify]\n\n### Reviewed and Cleared\n[Workflows reviewed and confirmed safe]\n````\n\nIf no findings: \"No exploitable vulnerabilities identified. 
All workflows reviewed and cleared.\"\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,163,445,"2026-05-16 13:19:58",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Other","other","mdi-page-next-outline","Other Skill types",5,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Career Development","career","mdi-briefcase-outline","Interview preparation, resume optimization, career planning",4,575,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"b84a0145-1f24-4efa-b036-b58608465534","1.0.0","gha-security-review.zip",3685,"uploads\u002Fskills\u002F57750620-8d82-4ad9-bb79-ee4241995fc6\u002Fgha-security-review.zip","c0b79c1805c8d2c3884bfe248384d1dedce4965e039c7bfab810031fe7e576d3","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":8827}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]