check_workflow
Validate CI workflow YAML for security risks before merging a PR. Flags mutable action pins, compromised actions, and secret exposure, returning a risk score and merge decision.
Instructions
Validate a CI workflow (GitHub Actions / GitLab CI YAML) BEFORE merging a PR that touches it. Flags mutable action pins, known-compromised actions, untrusted owners, `curl|bash` fetch-and-execute steps, `pull_request_target` pwn-requests, and secret exposure. Returns a risk score from 0 to 100 and a merge recommendation (PROCEED/REVIEW/BLOCK).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| platform | No | github-actions | |
| workflow_content | Yes | Raw CI workflow YAML text. | |