July 2, 2026
Polygraph MCP gate
Version updated for https://github.com/polygraphso/litmus to version litmus-v0.23.0.
This action is used across all versions by 0 repositories.
Action Type: This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
litmus-v11 — C-02 gains expected-upstream inference, fixing a first-party-egress false positive.
An honest API-wrapper server — a tool that transparently calls the API it advertises (openai_chat → api.openai.com) — made an undeclared egress attempt and was capped at D, even though the upstream is the very API its own surface names. Before an undeclared host is counted as overreach, the harness now infers whether it is a plausible upstream for the server’s own tool surface: a host named verbatim in the tool text (strong), or an egress host whose registrable label matches a non-generic brand token drawn from the surface and the package owner/name (medium, plain-TLD hosts only). A match reclassifies the attempt from overreach into an informational egress-inferred finding — disclosure, not exoneration.
July 2, 2026
Prowler Security Scan
Version updated for https://github.com/prowler-cloud/prowler to version 5.32.0.
This action is used across all versions by 0 repositories.
Action Type: This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
✨ New features to highlight in this version
Enjoy them all now for free at https://cloud.prowler.com
🔎 Findings Triage
Note: This feature is available exclusively in Prowler Cloud and Prowler Enterprise with a subscription.
Triage findings straight from the Findings view. Each finding gets a triage status you can move through its lifecycle:
July 2, 2026
Assay - AI Agent Security
Version updated for https://github.com/Rul1an/assay-action to version v3.0.1.
This action is used across all versions by ? repositories.
Action Type: This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
v3 is the current major: verify, lint, and diff evidence bundles from AI agent runs in CI, with coding-agent sandbox governance and in-toto/DSSE bundle attestation.
What v3 carries
- sandbox-command: run a coding agent under assay sandbox and verify the resulting evidence bundle in the same job.
- attest-key: in-toto/DSSE attestation over the bundle (assay evidence attest).
- The v2.1 AI Agent Security feature set: compliance packs, BYOS push, artifact attestation, coverage badges, PR summaries, SARIF for code scanning.
v3.0.1 fixes
July 2, 2026
CDK Lambda Size Gate
Version updated for https://github.com/schuettc/cdk-lambda-size-gate to version v1.0.1.
This action is used across all versions by ? repositories.
Action Type: This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
Changelog
- 16da0508205b06be18de0adb4a721ba5fc07182a: ci: e2e verification of the published action (v1.0.0 + v1, linux + windows) (@schuettc)
- 1d399dc296ec3f1977e607a204deb0fc133a8109: fix(action): shorten description under Marketplace 125-char limit (@schuettc)
July 2, 2026
Bernstein — Multi-Agent Orchestration
Version updated for https://github.com/sipyourdrink-ltd/bernstein to version v2.13.0.
This action is used across all versions by 5 repositories.
Action Type: This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
v2.13.0
Released 2026-07-02.
Run-safety guardrails and per-role endpoint configuration.
Fixes (run safety)
- GitHub backlog auto-sync is now opt-in and off by default. Previously a run in a repository with open GitHub issues would pull every open issue into the backlog before task scoping, which could silently discard a seeded goal and spawn work against the entire issue list. Enable it explicitly with the github.sync_backlog seed config key (or the BERNSTEIN_SYNC_GITHUB_BACKLOG env override). (#2178)
- A seeded goal is no longer silently dropped when the backlog is non-empty: the run now prints a loud warning naming the precedence and how to force the goal, instead of quietly planning from the backlog. (#2178)
- Agent worktree merges refuse to land on the repository default branch. The merge and push path resolves the protected default (origin/HEAD, then init.defaultBranch, then the conventional names, treating both main and master as protected when the remote head is ambiguous) and refuses to merge or push agent work onto it, recording the refusal, so a run started from a default-branch checkout can no longer push unreviewed commits straight to the trunk. (#2178)
Features (per-role model configuration)
- role_model_policy entries gain optional base_url and api_key_env next to model/provider, so different roles can target different OpenAI-compatible endpoints in one workflow (for example a fast manager endpoint and cheaper worker endpoints). api_key_env names an environment variable and is validated against the same fail-closed provider allowlist as the runner. YAML anchors give reuse across roles with no new file format. Absent fields keep today’s behavior. (#2159)
- ModeProfile gains top_p, top_k, and max_tokens beside its existing temperature, and the previously-deferred apply_mode_to_spawn wiring is completed so a mode profile’s sampling parameters actually reach the spawn and the runner manifest. (#2159)
- Opt-in builtin tools for the openai_agents runner, for runs without an MCP gateway, selected by tool_source: builtin (the gateway remains the default). read_file, write_file, and list_dir are workdir-confined (absolute and parent-escape paths are rejected). run_command is a restricted process-exec primitive: bare-name commands only, shell interpreters blocked, resolved against PATH, available only under a configured OS sandbox provider or an explicit opt-in; its filesystem confinement is the OS sandbox, not the builtin. Every builtin call is recorded to the run event log so a gateway-free run stays auditable. (#2159)
Quality
- Resolved refurb FURB123 findings in the OWASP control-map builders.
July 2, 2026
Pipr Review
Version updated for https://github.com/somus/pipr to version v0.2.0.
This action is used across all versions by 0 repositories.
Action Type: This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
0.2.0 (2026-07-02)
⚠ BREAKING CHANGES
- pipr init --types-only and --no-types are removed and generated .pipr/types/pipr-sdk.d.ts is no longer written; types come from the installed @usepipr/sdk package.
- structure runtime action logging (#10)
- consolidate public API contracts (#9)
Features
- consolidate public API contracts (#9) (01db150)
- support installable npm dependencies in .pipr config (#14) (97794bc)
Code Refactoring
- structure runtime action logging (#10) (64addf1)
July 2, 2026
Repository Create
Version updated for https://github.com/stairwaytowonderland/repository-create to version v1.74.0.
This action is used across all versions by ? repositories.
Action Type: This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
chore(release): 1.74.0
1.74.0 (2026-07-02)
✨ Features
- updates (328fff6)
July 2, 2026
Frisk — AI supply-chain scan
Version updated for https://github.com/Thandv/frisk to version v0.1.0.
This action is used across all versions by ? repositories.
Action Type: This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
First release. Static, zero-execution scanner for AI-agent content (MCP servers, skills, plugins): RCE, secret exfiltration, destructive ops, prompt-injection, tool-poisoning, hidden-unicode. Rug-pull detection (lock/verify), OWASP LLM Top 10 mapping, SARIF, GitHub Action, and an MCP server to vet-before-install.
Install: pip install frisk-scan
July 2, 2026
UnityInFlow Spec Compliance
Version updated for https://github.com/UnityInFlow/spec-ci-plugin to version v1.0.0.
This action is used across all versions by ? repositories.
Action Type: This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
First stable Marketplace release of the UnityInFlow Spec Compliance action.
What’s included
- Typed status and report action outputs (matching the runtime core.setOutput calls)
- injection-scanner-version default bumped to v0.0.2 — the tag carrying the Linux musl binaries the action downloads at runtime
- Deterministic committed dist/ (no sourcemaps) guarded by a git diff --exit-code dist/ staleness gate in CI
- Public/fork CI runs secretless on GitHub-hosted runners; release automation stays on org self-hosted runners
- Moving v1 tag maintained automatically on release publish
Usage
- uses: UnityInFlow/spec-ci-plugin@v1
July 2, 2026
Polder Drift — Design System Drift Alerts
Version updated for https://github.com/usepolder/drift to version v1.1.0.
This action is used across all versions by 0 repositories.
Action Type: This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed
Polder Drift now works with any design system — including your in-house one. Point library_paths at a checkout of your DS repo (source-only monorepo workspaces work too), and generate the look-alike detection data straight from your DS’s own source: