{"skill":{"slug":"github-actions-self-hosted-risk-audit","displayName":"GitHub Actions Self-Hosted Risk Audit","summary":"Audit GitHub Actions workflows that use self-hosted runners for untrusted trigger and credential-hardening risks.","tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":278,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1772932067317,"updatedAt":1777525723470},"latestVersion":{"version":"1.0.0","createdAt":1772932067317,"changelog":"Initial release of github-actions-self-hosted-risk-audit.\n\n- Scans GitHub Actions workflows for use of self-hosted runners and flags risky configurations.\n- Detects dangerous trigger combinations, privilege escalation, overly broad runner selection, and insecure checkout steps.\n- Supports customizable input options including file glob, output format (text/json), scoring thresholds, and CI fail gating.\n- Outputs either a summary report or detailed JSON, and can fail CI on critical findings.","license":null},"metadata":{"os":null,"systems":null},"owner":{"handle":"daniellummis","userId":"publishers:daniellummis","displayName":"Daniel Lummis","image":"https://avatars.githubusercontent.com/u/65238171?v=4"},"moderation":null}