This one handles GitHub Actions workflows from scratch or audits existing ones. It detects your project type (Node, Python, Go, etc.) and generates proper CI workflows with SHA-pinned actions, minimal permissions, and concurrency controls. The audit mode scans your workflows against seven rule categories, flags issues by severity, then auto-fixes them using the GitHub CLI to look up commit SHAs. It's opinionated about security practices like action pinning, which is good because most repos get this wrong. If you're setting up CI or inherited workflows that use floating tags everywhere, this will save you from reading GitHub's security docs for the hundredth time.
npx skills add https://github.com/tartinerlabs/skills --skill github-actions