github · GitHub Actions Docs

Actions Script injections - GitHub Docs

Explains how script injection vulnerabilities occur in GitHub Actions workflows and provides guidance on preventing them by sanitizing inputs and avoiding unsafe patterns.

Import to Prompt Buddy

Derived skill

Files assembled from official documentation

Viewing SKILL.md

Actions Script injections - GitHub Docs

Explains how script injection vulnerabilities occur in GitHub Actions workflows and provides guidance on preventing them by sanitizing inputs and avoiding unsafe patterns.

When To Use

Use when you need to secure GitHub Actions workflows against malicious input or prevent command injection during script execution.

Reference Files

File	Contains	Use For
`SKILL.md`	Entry point: scope, routing table, and workflow.	Start here.
`docs/actions-security-script-injections-github-docs-workflow-guide.md`	A guide explaining the security risks and attack vectors associated with script injections in GitHub Actions workflows.	Questions about a guide explaining the security risks and attack vectors associated with script injections in GitHub Actions workflows.
`examples/actions-security-script-injections-github-docs-github-actions-script-inj.text`	A YAML workflow snippet demonstrating a security vulnerability where a pull request title is directly injected into a shell script.	Exact payloads, commands, or snippets shown in A YAML workflow snippet demonstrating a security vulnerability where a pull request title is directly injected into a...
`examples/actions-security-script-injections-github-docs-github-actions-script-inj-2.text`	A text representation of a GitHub Actions workflow and script demonstrating potential script injection vulnerabilities.	Exact payloads, commands, or snippets shown in A text representation of a GitHub Actions workflow and script demonstrating potential script injection vulnerabilities.

What This Skill Covers

- GitHub Actions / - Concepts / - Security / - Script injections
Main sections: Understanding the risk of script injections, Example of a script injection attack.

Workflow

Open the most relevant file under docs/ for the exact documented workflow and wording.
Open schemas/ files for exact structured contracts.
Open examples/ files for concrete requests, commands, snippets, and manifests.
Do not add behavior or configuration that is not present in the attached source files.

Canonical source: https://docs.github.com/en/actions/concepts/security/script-injections

Skill metadata

Name: Actions Script injections - GitHub Docs
Author: Bruno HANSS - Prompt Buddy
Generation mode: Ai Assisted Human Authored
Source count: 1

Provenance

Source program: GitHub Actions Docs
Last generated: May 10, 2026
Last source sync: Unknown
Source pages: 1

Safety model

Canonical source pages are preserved separately. Derived files record source evidence and require zero AI-generated facts.

File tree

Source links

https://docs.github.com/en/actions/concepts/security/script-injections Back to skills