Skip to content

ci: add automated skill review for SKILL.md pull requests#2320

Closed
Alan Pope (popey) wants to merge 1 commit intolangchain-ai:mainfrom
popey:add-skill-review-ci
Closed

ci: add automated skill review for SKILL.md pull requests#2320
Alan Pope (popey) wants to merge 1 commit intolangchain-ai:mainfrom
popey:add-skill-review-ci

Conversation

@popey
Copy link
Copy Markdown
Contributor

@popey Alan Pope (popey) commented Mar 30, 2026

Hullo! Thanks for merging the skill improvements earlier. This is a follow-up that adds a lightweight GitHub Action to automatically review any SKILL.md files when they're changed in a PR, using tessl skill review.

  • Triggers only on PRs that touch **/SKILL.md
  • Posts review results as a PR comment
  • Minimal permissions: pull-requests: write and contents: read

This way you and your contributors get an instant quality signal on skill changes before manual review — no signup or tokens needed.

@popey
ci: add automated skill review for SKILL.md pull requests
971420d 
Adds a lightweight GitHub Action that reviews any SKILL.md files changed
in a pull request using tessl skill review. Posts results as a PR comment
with minimal permissions (pull-requests: write, contents: read).

Signed-off-by: Alan Pope <alan@popey.com>
@github-actions github-actions bot added github_actions PR touching `.github` infra Repo meta changes size: XS < 50 LOC labels Mar 30, 2026
@org-membership-reviewer org-membership-reviewer bot added the external User is not a member of the `langchain-ai` GitHub organization label Mar 30, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 30, 2026

This PR has been automatically closed because it does not link to an approved issue.

All external contributions must reference an approved issue or discussion. Please:

  1. Find or open an issue describing the change
  2. Wait for a maintainer to approve and assign you
  3. Add Fixes #<issue_number>, Closes #<issue_number>, or Resolves #<issue_number> to your PR description and the PR will be reopened automatically

Maintainers: reopen this PR or remove the missing-issue-link label to bypass this check.

@github-actions github-actions bot closed this Mar 30, 2026
corridor-security[bot]
corridor-security bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@corridor-security corridor-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Issues

  • Unpinned Third-Party GitHub Action (Supply Chain Risk)
    The workflow uses a third-party action via a moving branch reference tesslio/skill-review@main. If that repository is compromised or its main branch changes, arbitrary code will execute in your CI with the granted GITHUB_TOKEN permissions (pull-requests: write, contents: read). This is a realistic and exploitable supply chain vector.

Recommendations

  • Pin the third-party action to a specific commit SHA to provide integrity and immutability guarantees.
  • Keep the token scope to the minimum necessary; using an unpinned third-party action with write permissions increases potential impact if the action is compromised.

.github/workflows/skill-review.yml
contents: read
steps:
- uses: actions/checkout@v4
- uses: tesslio/skill-review@main
Copy link
Copy Markdown
Contributor

@corridor-security corridor-security bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a third-party GitHub Action via a moving branch reference is a supply chain risk. If tesslio/skill-review's main branch is modified or compromised, it can execute arbitrary code in your workflow with the provided GITHUB_TOKEN permissions (pull-requests: write, contents: read). This is exploitable on any PR that matches the path filter.

Vulnerable line:

- uses: tesslio/skill-review@main

Impact:

  • Arbitrary code execution on the CI runner by an external repository.
  • Ability to exfiltrate the GITHUB_TOKEN and perform write operations on pull requests (e.g., post or alter reviews/comments, modify PR metadata).

Remediation:

  • Pin the action to a specific commit SHA (e.g., tesslio/skill-review@<commit-sha>). Regularly review and update the pinned SHA as needed.
  • Ensure permissions are least-privilege for the required functionality.

For more details, see the finding in Corridor.

Provide feedback: Reply with whether this is a valid vulnerability or false positive to help improve Corridor's accuracy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@corridor-security corridor-security[bot] corridor-security[bot] left review comments

Assignees

No one assigned

Labels

external User is not a member of the `langchain-ai` GitHub organization github_actions PR touching `.github` infra Repo meta changes missing-issue-link size: XS < 50 LOC

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@popey