Skip to main content
Skill MarketCurated agent workflows
EN中文
EN
Home · 首页/Security & Compliance · 安全与合规/agentic-actions-auditor
#19
Ranked #19 of 103 in this category· 该品类排名 #19 / 共 103 个

agentic-actions-auditor

by trailofbits·6d ago

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemi

Claude CodeCodexMedium risk · 中风险open source · 开源

Before you install安装前须知

!Accesses the network会访问网络
Editor's verdict· 编辑结论

Auto-published by GitHub discovery based on star threshold.

— Editorial team · 编辑团队

Install via Skills CLI

Use npx skills add to install this skill into the selected agent. Phase 0 commands are generated from source rules, not verified.

Codex
npx skills add https://github.com/trailofbits/skills/tree/main/plugins/agentic-actions-auditor/skills/agentic-actions-auditor -g -a codex -y

Drop `-g` to install project-locally

Best for适合什么场景

  • High-star GitHub skill discovery candidate.

Not for不适合什么场景

  • Sensitive or production workflows without local review.

vs alternativesvs 其他选择

Full compare table完整对比表 →
#1api-security-testing

API安全测试的专业技能和方法论

3.7k stars
diff · 差异Best for the OWASP-API-Top-10 workflow — auth bypass, broken object-level authorization, mass assignment, injection paths through API surfaces. Methodology-driven, not just a scanner. Strongest before a major API release or annual security review. Skip it for infrastructure security (TLS, secret rotation); that's a different toolchain.
#2aig-scanner

A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via

3.6k stars
diff · 差异Best for the AI-specific failure modes — prompt-injection vectors, over-broad tool permissions, agent-escape paths, skill supply-chain risk. Catches issues classical app-sec scanners miss because they don't know what an agent or a skill is. Strongest in agent / skill ecosystem audits. Skip it for traditional web-app pentest; api-security-testing is more efficient there.
#3wooyun-legacy

WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorizati

1.6k stars
diff · 差异Best for grounding security review in real-world breach patterns — 22,000+ historical Chinese-internet security cases covering business-logic vulnerabilities, IDOR, race conditions, design-level data leaks. A reference corpus, not a scanner. Strongest as input to a threat-model exercise. Skip it as a standalone scanner; pair with api-security-testing for the actual review.

Side-by-side compare维度对比

Key differences with same-lane alternatives
this skill · 当前agentic-actions-auditorapi-security-testingaig-scannerwooyun-legacy
Rating · 评分
Stars · 星标5.6k3.7k3.6k1.6k
Risk · 风险Medium risk · 中风险Medium risk · 中风险Medium risk · 中风险Low risk · 低风险
Best for · 最适合High-star GitHub skill discovery candidate.API安全测试的专业技能和方法论A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorizati
Not for · 不适合Sensitive or production workflows without local review.Workflows that require stronger human review than this catalog entry documents.Workflows that require stronger human review than this catalog entry documents.Workflows that require stronger human review than this catalog entry documents.

Audit notes审计备注

last reviewed 2026-06-10 · 复查
Source源码open on GitHub · 公开
Author作者community · 社区!
Network网络访问network access · 需联网
Filesystem文件写入writes to repo · 写入仓库!
Dependencies依赖many deps · 依赖较多
Telemetry遥测none · 无
Skill Market
Find the best AI skills for the job·按品类找最好用的 AI 技能
v0.4 · 1286 skills indexed · last review 2026-06-10