GitHub Actions Actor Reliability Audit
Security checks across malware telemetry and agentic risk
Overview
This skill locally analyzes user-selected GitHub Actions JSON exports and reports reliability by actor without installing software, using credentials, persisting state, or sending data elsewhere.
Install this if you want a local CI reliability report. Point RUN_GLOB only at the GitHub Actions exports you intend to analyze, since output can include actor, repository, run ID, and URL details. Enable FAIL_ON_CRITICAL only when you intentionally want critical findings to fail a CI job or automation step.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.