oxidized-skills
Version updated for https://github.com/jbovet/oxidized-skills to version v0.3.0.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
This GitHub Action, “oxidized-skills,” is a security auditing tool that scans AI agent skill directories for vulnerabilities such as dangerous code patterns, prompt injection risks, and supply chain threats. It automates static analysis, secret scanning, package auditing, and shell script linting, and reports a security score in multiple output formats such as JSON and SARIF. Its key capabilities include parallel scanning, suppression systems, and integration into CI/CD pipelines with zero runtime dependencies.
Release notes
What’s Changed
- feat: add TypeScript security pattern scanner and related tests by @jbovet in https://github.com/jbovet/oxidized-skills/pull/5
- feat: add validation for name-directory mismatch in frontmatter and e… by @jbovet in https://github.com/jbovet/oxidized-skills/pull/6
- Improve security scanners by @jbovet in https://github.com/jbovet/oxidized-skills/pull/7
Full Changelog: https://github.com/jbovet/oxidized-skills/compare/v0.2.0...v0.3.0