feat: Add new skill harden-workflows #28

Open
yk-lab wants to merge 5 commits into main from feat/harden-workflows

yk-lab commented Mar 28, 2026

Summary

Changes

New files

  • skills/harden-workflows/SKILL.md — skill definition (Scope, Steps, Notes, cross-skill handoff)
  • skills/harden-workflows/references/workflow-lint-template.md — workflow template + configuration examples + gh attestation verify pattern

Updated files

  • skills/audit-actions/SKILL.md — updated to a formal link to harden-workflows
  • skills/audit-actions/references/security-checklist.md — same as above
  • skills/pin-actions/SKILL.md — resolved trigger phrase conflict (removed "harden workflows")
  • plugins/actver/agents/actver.md — added harden-workflows to the description
  • README.md / README.ja.md — added to the skills table
  • CLAUDE.md — updated Structure and Key Patterns
  • scripts/expected-files.txt — manifest updated

Reviews

  • plugin-dev:skill-reviewer — Pass (findings such as the trigger conflict fix have been addressed)
  • plugin-dev:plugin-validator — Pass (agent description updated)
  • ./scripts/validate.sh — All checks passed

Test plan

  • validate.sh passes all checks
  • Confirm CI passes
  • Confirm the skill is installed via skills add

Closes #26

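A skill that supports introducing zizmor/ghalint/actionlint into CI. It is designed to focus on
providing templates and setup support, without re-implementing the tools' checks.

- skills/harden-workflows/ — skill definition + workflow template and configuration examples
- Updated the harden-workflows reference in audit-actions to a formal link
- Removed the conflicting "harden workflows" from the pin-actions trigger phrases
- Added harden-workflows to the agent definition
- Updated README.md / README.ja.md / CLAUDE.md
- Updated expected-files.txt

Closes #26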

claude bot commented Mar 28, 2026

Claude finished @yk-lab's task in 1m 37s —— View job


Code Review: feat/harden-workflows

  • Gather context
  • Read changed files
  • Review SKILL.md (harden-workflows)
  • Review references/workflow-lint-template.md
  • Review updated skills and agent files
  • Finalize review

Overall Assessment

Well-designed skill addition. The scope is tight (tooling setup only, not re-implementing tool checks), the cross-skill handoffs are properly wired, and the template is production-ready. The PR description notes that plugin-dev:skill-reviewer and plugin-dev:plugin-validator have already passed.

A few items worth addressing before merge, ranging from a functional gap to minor nits.


Findings

Potential gap: attestations: read permission in ghalint job

skills/harden-workflows/references/workflow-lint-template.md lines 44–70

The ghalint job declares only:

permissions:
  contents: read

But gh attestation verify calls the GitHub Sigstore API to verify build provenance. For private repositories, this API call requires attestations: read. On public repos with GitHub-hosted runners it typically works with the default token, but users copying this template to private repos may see a silent auth failure.

Recommended fix — add attestations: read to the ghalint job permissions and update the comment:

permissions:
  contents: read      # Download release artifact from GitHub
  attestations: read  # Verify SLSA build provenance via gh attestation verify


Nit: zizmor action options lack inline explanation

workflow-lint-template.md lines 83–86

      - uses: zizmorcore/zizmor-action@SHA # vX.Y.Z — look up with ActVer
        with:
          persona: auditor
          advanced-security: false

Users copying this template won't know why auditor was chosen over pedantic/developer, or why GHAS is disabled. Short inline comments would help:

          persona: auditor         # balances signal-to-noise; use 'pedantic' for maximum coverage
          advanced-security: false # set true only if GitHub Advanced Security is enabled on the repo

Nit: zizmor.yml trigger path not mirrored in actionlint/ghalint jobs

workflow-lint-template.md lines 14–22

The paths filter includes zizmor.yml and .ghalint.yml, so a change to either config file triggers all three jobs. That's intentional — a config change should re-run all linters. No issue here, just noting it's a deliberate choice worth calling out for reviewers who might question why actionlint reruns when only zizmor.yml changes.


Minor: harden-workflows Notes section — minor wording imprecision

skills/harden-workflows/SKILL.md line 39

For action-specific security audits (SHA pinning, checkout config, secrets exposure), use the audit-actions skill

"SHA pinning" in this context reads ambiguously — SHA pinning is performed by pin-actions, not audit-actions. audit-actions checks whether pinning is in place. The distinction is clear from context but could trip up the LLM routing logic if the user says "help me with SHA pinning". Consider:

For auditing action-specific security (checking pin status, checkout config, secrets exposure), use the audit-actions skill; to apply SHA pins, use the pin-actions skill


What's working well

  • Scope clarity: The skill explicitly positions itself as "tooling setup only" and defers to the tools themselves for what they check. This avoids duplicating tool logic and makes the skill's coverage stable even as tools evolve.
  • ghalint binary verification: Using gh attestation verify --signer-workflow rather than a checksum is a genuinely better approach and the explanation in the reference doc is clear.
  • Three separate jobs: Running actionlint/ghalint/zizmor as parallel jobs rather than sequentially gives faster feedback and isolated failure reporting — good template design choice.
  • Cross-skill handoffs: All four directions (audit→harden, harden→audit, harden→pin, harden→upgrade) are properly linked.
  • pin-actions trigger conflict resolved: Removing "harden workflows" and "secure workflows" from pin-actions description is the right fix.

Summary

One functional issue (attestations: read) that affects private repo users, two nits (zizmor option comments, wording in Notes). All are straightforward fixes. The core design is solid.


claude bot commented Mar 28, 2026

Claude finished @yk-lab's task in 2m 31s —— View job


Skill Quality Check

Tasks

  • Gather context and understand PR changes
  • Run plugin-dev:skill-reviewer on changed SKILL.md files
  • Run plugin-dev:plugin-validator on plugins/actver/
  • Check project-specific criteria against diff
  • Post final review

Agent Reviews

plugin-dev:skill-reviewer: PASS. skills/harden-workflows/SKILL.md is production-ready. Lean and well-structured (426 words in SKILL.md + 586 words in reference = ~1,012 total). Progressive disclosure is correctly applied. 3 minor issues noted below.

plugin-dev:plugin-validator: PASS — All required files present, JSON valid, frontmatter meets schema, relative links resolve, skills manifest consistent. 1 minor warning (no version field in plugin.json).


Project-Specific Checks

| # | Check | Status | Notes |
|---|---|---|---|
| 1 | Description format (This skill should be used when) | PASS | Correct third-person format |
| 2 | Trigger phrases (5+ diverse phrases) | PASS | 13 trigger phrases covering synonyms and natural phrasings |
| 3 | Trigger overlap with other skills | PASS | "harden workflows" removed from pin-actions, "secure workflows" → "secure action references". No remaining conflicts |
| 4 | Consistency (Steps match description) | PASS | Steps align with stated scope |
| 5 | Completeness (end-to-end coverage) | PASS | Covers discovery, creation, config, best practices, and verification |
| 6 | Cross-skill handoff in Notes | PASS | References audit-actions, pin-actions, upgrade-actions |
| 7 | Agent description format (Use this agent when) | PASS | Correct format |
| 8 | Agent tool/capability coverage | PASS | Mentions SHA pinning, upgrades, audit, and hardening |
| 9 | Reference relevance | PASS | workflow-lint-template.md directly supports all steps |
| 10 | Reference accuracy | PASS | YAML template, ghalint attestation pattern, and zizmor config are correct |

Summary

  • PASS: 10 checks
  • WARN: 3 suggestions (optional improvements)
  • FAIL: 0

Details

WARN — skills/harden-workflows/SKILL.md Step 3 (condition too broad):

"Create a zizmor.yml config file if the repo uses secrets in workflows"

Most repos use secrets, so this would create an unnecessary file on every run.

WARN — skills/harden-workflows/SKILL.md Step 5 (misleading — verification is already in the template):

"Verify ghalint binary with gh attestation verify" reads as a separate manual action

The workflow-lint-template.md already embeds gh attestation verify in the ghalint job. Recommended fix: add a clarifying parenthetical — e.g. (already included in the generated workflow template — no separate action needed).

WARN — skills/harden-workflows/SKILL.md description (trigger coverage):
Consider adding 2-3 more natural phrasings: "set up workflow security", "prevent script injection in CI", "continuous linting for CI". Description is 448 chars (limit ~500), so there is room.


These are all non-blocking suggestions. The PR is ready to merge as-is.

- Added attestations: read to the ghalint job (private repo support)
- Added inline comments to the zizmor action options
- Changed the Step 3 condition to be based on zizmor findings
- Stated in Step 5 that the verification is built into the template
- Clarified in Notes when to use audit vs. pin
- Added "set up workflow security" to the trigger phrases

claude bot commented Mar 28, 2026

Claude finished @yk-lab's task in 3m 55s —— View job


Skill Quality Check

Tasks

  • Gather context and understand PR changes
  • Run plugin-dev:skill-reviewer on changed SKILL.md files
  • Run plugin-dev:plugin-validator on plugins/actver/
  • Check project-specific criteria against diff
  • Post final review

Agent Reviews

plugin-dev:skill-reviewer: Needs improvement. skills/harden-workflows/SKILL.md is well-structured overall, but has one factual error in the reference file and several minor issues. See details below.

plugin-dev:plugin-validator: PASS — All required files present, JSON valid, frontmatter meets schema, relative links resolve, skills manifest consistent. No critical issues or warnings.


Project-Specific Checks

| # | Check | Status | Notes |
|---|---|---|---|
| 1 | Description format (This skill should be used when) | PASS | Correct third-person format |
| 2 | Trigger phrases (5+ diverse phrases) | PASS | 13 trigger phrases — good coverage, though some are redundant |
| 3 | Trigger overlap with other skills | PASS | "harden workflows" and "secure workflows" removed from pin-actions |
| 4 | Consistency (Steps match description) | PASS | Steps align with stated scope |
| 5 | Completeness (end-to-end coverage) | WARN | Missing a post-setup handoff: no guidance on what to do when the newly installed tools report findings on existing workflows |
| 6 | Cross-skill handoff in Notes | PASS | References audit-actions, pin-actions, upgrade-actions |
| 7 | Agent description format (Use this agent when) | PASS | Correct format |
| 8 | Agent tool/capability coverage | PASS | Mentions SHA pinning, upgrades, audit, and hardening |
| 9 | Reference relevance | PASS | workflow-lint-template.md directly supports all steps |
| 10 | Reference accuracy | FAIL | zizmor persona ordering is incorrect (see details) |

Summary

  • PASS: 8 checks
  • WARN: 1 suggestion
  • FAIL: 1 check (must fix before merge)

Details

FAIL — references/workflow-lint-template.md line 86: zizmor persona ordering incorrect

          persona: auditor         # strictest; use 'pedantic' for moderate, 'regular' for minimal

The actual zizmor persona strictness order is pedantic (strictest) > auditor > regular (minimal). The comment says auditor is strictest and pedantic is moderate — the opposite of reality. A user who wants maximum coverage following this template would get auditor (intermediate) when they should use pedantic.

Correct comment should read:

          persona: auditor         # balanced signal-to-noise; use 'pedantic' for maximum coverage, 'regular' for minimal


WARN — SKILL.md Notes: missing post-setup handoff

When the newly installed lint workflow reports findings on existing workflows, users need guidance on next steps. The Notes section lists sibling skills as alternatives but not as a post-setup workflow.

Suggested addition to Notes:

After the lint workflow is running, if the tools report findings on existing workflows, use audit-actions to review and prioritize them, then pin-actions or upgrade-actions to remediate action reference issues.


Other minor notes (non-blocking)

  • Description length: 673 characters vs. ~500 recommended (siblings are 349–360 chars). Several trigger phrases are semantically redundant ("workflow lint CI", "add workflow security checks", "enforce workflow policies"). Trimming 3–4 phrases would bring it in line.
  • Step 5: "Verify ghalint binary with gh attestation verify" is already embedded in the generated template. This reads as a separate action rather than a note about what the template provides. Consider moving to Notes with a parenthetical.

What's fixed since last review

Compared to the previous Claude review on this PR:

  • attestations: read permission added to ghalint job
  • ✅ zizmor option inline comments improved (persona/advanced-security)
  • ✅ SKILL.md Notes section wording corrected ("For auditing... to apply SHA pins")

The one remaining FAIL (persona ordering) is straightforward to fix. The rest are non-blocking suggestions.


claude bot commented Mar 28, 2026

Claude finished @yk-lab's task in 1m 50s —— View job


Code Review: feat/harden-workflows

  • Gather context and read changed files
  • Review skills/harden-workflows/SKILL.md
  • Review skills/harden-workflows/references/workflow-lint-template.md
  • Review updated skills and agent files
  • Run validate.sh (skipped — requires shell execution permission; PR description confirms all checks pass)
  • Finalize review

Overall Assessment

This is a clean, well-scoped skill addition. All issues raised in the previous two review passes have been addressed. There is one remaining factual error in the zizmor persona comment worth fixing before merge.


Findings

Bug: zizmor persona: auditor comment is factually wrong

skills/harden-workflows/references/workflow-lint-template.md line 86

persona: auditor         # strictest; use 'pedantic' for moderate, 'regular' for minimal

This is backwards. In zizmor, the persona strictness order is regular < auditor < pedantic; pedantic is the most strict, not auditor. The previous review pass suggested the correct wording ("balances signal-to-noise; use 'pedantic' for maximum coverage") but the current text still says "strictest".

Correct version:

persona: auditor         # balances signal-to-noise; use 'pedantic' for maximum coverage, 'regular' for minimal


Previous Review Items — Status

| Finding | Source | Status |
|---|---|---|
| attestations: read missing in ghalint job | Review 1 | ✅ Fixed (line 50 of template) |
| Step 3 condition too broad ("if repo uses secrets") | Review 2 | ✅ Fixed (now "if zizmor reports findings") |
| Step 5 misleading (gh attestation verify reads as manual step) | Review 2 | ✅ Fixed (parenthetical added) |
| Notes wording "SHA pinning" ambiguity | Review 1 | ✅ Fixed (now explicitly separates audit vs apply) |
| zizmor persona comment wording | Reviews 1 & 2 | ❌ Still has "strictest" — factually incorrect |

What's Working Well

  • Scope: Skill correctly positions as "tooling setup only" and explicitly defers to the tools themselves. Notes section cleanly separates the four skill responsibilities.
  • Template quality: permissions: {} at workflow level, persist-credentials: false on all checkouts, timeout-minutes on all jobs, concurrency block, paths filter — all best practices applied consistently.
  • ghalint binary verification: gh attestation verify --signer-workflow pattern is correct and well-explained. Better than checksums.
  • attestations: read is already in the template — private repo users are covered.
  • Trigger conflict resolution: Removing "harden workflows" / "secure workflows" from pin-actions is the right call. No remaining routing conflicts.
  • Cross-skill handoffs: All four directions properly wired (audit↔harden, harden→pin, harden→upgrade).

Summary

One factual error in the zizmor persona comment — easy one-line fix. Everything else is clean. Recommend fixing before merge.

The order is regular < auditor < pedantic. auditor is not the strictest.

claude bot commented Mar 28, 2026

Claude finished @yk-lab's task in 1m 21s —— View job


Code Review: feat/harden-workflows

  • Gather context and read changed files
  • Review skills/harden-workflows/SKILL.md
  • Review skills/harden-workflows/references/workflow-lint-template.md
  • Review updated skills and agent files
  • Finalize review

Overall Assessment

All issues identified in prior review passes have been resolved. The PR is ready to merge.


Previous Findings — Final Status

| Finding | Severity | Status |
|---|---|---|
| attestations: read missing in ghalint job | Functional | ✅ Fixed (line 50) |
| zizmor persona comment backwards ("strictest") | Bug | ✅ Fixed — now "balances signal-to-noise; use 'pedantic' for maximum coverage, 'regular' for minimal" (line 86) |
| zizmor option comments missing | Nit | ✅ Fixed — both persona and advanced-security have inline explanations |
| Notes "SHA pinning" wording ambiguous | Nit | ✅ Fixed — clearly separates auditing (audit-actions) from applying (pin-actions) |
| Step 3 condition too broad ("if repo uses secrets") | Warn | ✅ Fixed — now "if zizmor reports secrets-outside-env or excessive-permissions findings" |
| Step 5 reads as separate manual action | Warn | ✅ Fixed — parenthetical added clarifying it's embedded in the template |

No New Issues Found

The current state of all files is clean:

  • SKILL.md: Scope, Steps, and Notes are all accurate and well-structured. Cross-skill handoffs in all four directions are intact.
  • workflow-lint-template.md: All security best practices applied (permissions: {}, persist-credentials: false, timeout-minutes, concurrency, paths filter, SHA-pinned actions). attestations: read present for private repo support. Tool roles table and configuration examples are accurate.
  • audit-actions/SKILL.md and security-checklist.md: Correctly link to harden-workflows in both places.
  • pin-actions/SKILL.md: Trigger conflict resolved — "harden workflows" and "secure action references" removed.
  • plugins/actver/agents/actver.md: Agent description correctly covers all four skills.

What's Working Well

  • Scope is tightly defined as "tooling setup only" — the skill doesn't re-implement tool checks, making it durable as tools evolve
  • gh attestation verify --signer-workflow pattern for ghalint is more secure than checksums and well-documented
  • Three parallel jobs (actionlint / ghalint / zizmor) provide fast, isolated failure reporting
  • All four cross-skill handoff directions are properly wired


claude bot commented Mar 28, 2026

Claude finished @yk-lab's task in 3m 42s —— View job


Skill Quality Check

Tasks

  • Gather context and read changed files
  • Run plugin-dev:skill-reviewer on changed SKILL.md files
  • Run plugin-dev:plugin-validator on plugins/actver/
  • Check project-specific criteria against diff
  • Post final review

Agent Reviews

plugin-dev:skill-reviewer: Pass. harden-workflows/SKILL.md is production-ready. Strong scope table, correct progressive disclosure, well-wired cross-skill handoffs. Two minor wording clarifications are non-blocking. One structural inconsistency in audit-actions/SKILL.md was introduced by this PR and should be addressed (see details).

plugin-dev:plugin-validator: Pass — All required files present, JSON valid, frontmatter meets schema, relative links resolve, skills manifest consistent with expected-files.txt. One advisory-only note: agents/actver.md omits optional model, color, and <example> frontmatter fields (not enforced by scripts/validate.sh).


Project-Specific Checks

| # | Check | Status | Notes |
|---|---|---|---|
| 1 | Description format (This skill should be used when) | PASS | Correct third-person format |
| 2 | Trigger phrases (5+) | PASS | 13 trigger phrases — thorough coverage |
| 3 | Trigger overlap with other skills | PASS | Minimal overlap with audit-actions on "secure my GitHub Actions" phrasing; in-description disambiguation handles it |
| 4 | Consistency (Steps match description) | PASS | Steps align with "tooling setup only" scope |
| 5 | Completeness | PASS | Covers discovery, creation, config, best practices, verification |
| 6 | Cross-skill handoff (harden-workflows Notes) | PASS | References audit-actions, pin-actions, upgrade-actions |
| 6a | Cross-skill handoff (audit-actions Notes) | WARN | ### Workflow-wide security tooling is a nested heading inside ## Notes — structural inconsistency with all other skills (flat bullet lists). Introduced by this PR. |
| 6b | Cross-skill handoff (pin-actions Notes) | WARN | No outbound handoff bullets in Notes (pre-existing gap, now more visible). |
| 7 | Agent description format (Use this agent when) | PASS | Correct format |
| 8 | Agent tool coverage | PASS | Lists SHA pinning, upgrades, audit, and hardening |
| 9 | Reference relevance | PASS | workflow-lint-template.md directly supports all steps |
| 10 | Reference accuracy | PASS | zizmor persona ordering comment fixed in latest commit (auditor = balanced; pedantic = max coverage) |

Summary

  • PASS: 10 checks
  • WARN: 2 checks
  • FAIL: 0 checks

Details

WARN — skills/audit-actions/SKILL.md: Nested heading in Notes section

The ### Workflow-wide security tooling subsection was added under ## Notes by this PR. All other skills use flat bullet lists in their Notes sections. This structural inconsistency makes audit-actions the only skill with a nested heading inside Notes.

Suggested fix — flatten into a single bullet:

## Notes

- This skill identifies and reports issues — it does not fix them automatically
- To remediate unpinned actions, use the **pin-actions** skill
- To upgrade outdated actions, use the **upgrade-actions** skill
- To set up continuous enforcement with actionlint, ghalint, and zizmor, use the **harden-workflows** skill
- For the full security checklist, see [references/security-checklist.md](references/security-checklist.md)


WARN — skills/pin-actions/SKILL.md: No cross-skill handoff in Notes (pre-existing)

pin-actions Notes has no pointers to sibling skills. After pinning, users naturally need audit-actions (to verify coverage) or harden-workflows (to enforce going forward). This gap pre-dates this PR but is now more noticeable.


Fixed Since Last Review

All issues identified in previous review passes are confirmed resolved:

| Finding | Status |
|---|---|
| attestations: read missing in ghalint job | ✅ Fixed |
| zizmor persona comment said auditor is "strictest" (backwards) | ✅ Fixed (latest commit) |
| Step 3 condition too broad ("if repo uses secrets") | ✅ Fixed |
| Step 5 reads as a separate manual action | ✅ Fixed (parenthetical added) |
| Notes wording "SHA pinning" ambiguity | ✅ Fixed |
| "harden workflows" trigger conflict in pin-actions | ✅ Fixed |

What's Working Well

  • Template quality: permissions: {} at workflow level, persist-credentials: false on all checkouts, timeout-minutes, concurrency, paths filter, SHA-pinned actions — all best practices applied consistently.
  • ghalint binary verification: gh attestation verify --signer-workflow is a genuinely better approach than checksums and the template explains why clearly.
  • Scope discipline: The skill explicitly avoids reimplementing what the tools check — keeping it stable as tools evolve.
  • Scope table: The Tool / Role / Detects table is an efficient, scannable way to explain the three-tool setup.

- audit-actions: flattened the Workflow-wide security tooling subsection into a bullet list for consistency
- pin-actions: added handoffs to audit-actions / harden-workflows

claude bot commented Mar 28, 2026

Claude finished @yk-lab's task in 3m 0s —— View job


Skill Quality Check

Tasks

  • Gather context and understand PR changes
  • Run plugin-dev:skill-reviewer on changed SKILL.md files
  • Run plugin-dev:plugin-validator on plugins/actver/
  • Check project-specific criteria against diff
  • Post final review

Agent Reviews

plugin-dev:skill-reviewer: Pass — All three changed skills are well-structured with correct progressive disclosure and cross-skill handoffs. One major issue in harden-workflows Step 3 (premature zizmor.yml creation before the workflow has ever run), plus four minor notes. audit-actions and pin-actions each have minor suggestions; both are non-blocking.

plugin-dev:plugin-validator: Pass — All required files present, JSON valid, frontmatter meets schema, relative links resolve, skills manifest consistent with expected-files.txt. Two optional recommendations (agent model/color fields, plugin-level README); one minor note about .mcp.json type: "http" vs. CLAUDE.md's "StreamableHTTP" terminology.


Project-Specific Checks

| # | Check | Status | Notes |
|---|---|---|---|
| 1 | Description format (This skill should be used when) | PASS | Correct third-person format |
| 2 | Trigger phrases (5+) | PASS | 13 trigger phrases — comprehensive coverage |
| 3 | Trigger overlap with other skills | PASS | "harden workflows" and "secure workflows" removed from pin-actions; no remaining conflicts |
| 4 | Consistency (Steps match description) | PASS | All Steps stay within "tooling setup only" scope |
| 5 | Completeness | PASS | Covers discovery, creation, config, best practices, verification |
| 6 | Cross-skill handoff (harden-workflows Notes) | PASS | Outbound links to audit-actions, pin-actions, upgrade-actions all present |
| 6a | Cross-skill handoff (audit-actions Notes) | PASS ✅ Fixed | ### Workflow-wide security tooling nested heading replaced with flat bullet — structural inconsistency resolved |
| 6b | Cross-skill handoff (pin-actions Notes) | PASS ✅ Fixed | Two outbound handoff bullets added (audit-actions, harden-workflows) — pre-existing gap resolved |
| 7 | Agent description format (Use this agent when) | PASS | Correct format; "harden workflows with static analysis tools" added |
| 8 | Agent tool coverage | PASS | Lists SHA pinning, upgrades, audit, and hardening |
| 9 | Reference relevance | PASS | workflow-lint-template.md directly supports all five Steps |
| 10 | Reference accuracy | PASS | zizmor persona comment corrected (auditor = balanced; pedantic = max coverage, regular = minimal) |

Summary

  • PASS: 12 checks
  • WARN: 1 check
  • FAIL: 0 checks

Details

WARN — skills/harden-workflows/SKILL.md Step 3: zizmor.yml creation is premature

3. Create a `zizmor.yml` config file if zizmor reports `secrets-outside-env` or
   `excessive-permissions` findings that are intentional

The workflow is being created in Steps 1–2 — zizmor has not run yet. The agent has no basis to determine which findings are intentional at this point. As written, the agent may prompt the user about intentional findings before the lint workflow has ever executed.

Suggested reframe — make this a post-first-run follow-up:

  1. After the workflow runs for the first time, create a zizmor.yml config file if zizmor reports secrets-outside-env or excessive-permissions findings that are intentional false positives (e.g., secrets passed to trusted first-party actions)


Other minor notes (non-blocking)

  • SKILL.md Step 4: The confirmation requirement ("confirm with the user before modifying workflows beyond the lint file") is buried in a parenthetical. It's important enough to stand alone as a leading callout in the step.
  • SKILL.md Step 5: The heading "Verify ghalint binary with gh attestation verify" implies a manual action. A user skimming the step list will misread it. The parenthetical clarification is good; consider renaming the step to "ghalint binary is verified by the generated template (SLSA provenance)" to match the actual intent.
  • audit-actions/SKILL.md: Missing trigger phrases for users who already know the tool names — e.g. "review zizmor findings", "interpret actionlint output", "triage workflow lint results". Low priority since these users would more likely trigger harden-workflows.
  • pin-actions/SKILL.md: Trigger list is the shortest of the three skills; consider adding "immutable action references" or "actions are using tags" (problem-description phrasing).

Fixed Since Previous Review

| Finding | Status |
|---|---|
| attestations: read missing in ghalint job | ✅ Fixed |
| zizmor persona comment said auditor is "strictest" (backwards) | ✅ Fixed |
| Step 3 condition too broad ("if repo uses secrets") | ✅ Fixed (now "if zizmor reports findings") |
| Step 5 reads as a separate manual action | ✅ Fixed (parenthetical added — though heading still implies manual action) |
| Notes wording "SHA pinning" ambiguity | ✅ Fixed |
| audit-actions nested ### Workflow-wide security tooling heading | ✅ Fixed |
| pin-actions missing cross-skill handoffs in Notes | ✅ Fixed |

What's Working Well

  • Scope table: The Tool / Role / Detects table in harden-workflows SKILL.md is an efficient and scannable orientation for a three-tool setup.
  • Template quality: All security best practices consistently applied (permissions: {}, persist-credentials: false, timeout-minutes, concurrency, paths filter, SHA-pinned actions, attestations: read).
  • ghalint binary verification: gh attestation verify --signer-workflow pattern is well-explained and more secure than checksums.
  • Trigger conflict resolution: Removing "harden workflows" / "secure workflows" from pin-actions was the right call — no remaining routing conflicts.
  • Cross-skill handoffs: All directions are now fully wired across all four skills.


claude bot commented Mar 28, 2026

Claude finished @yk-lab's task in 1m 5s —— View job


Code Review: feat/harden-workflows

  • Gather context and read changed files
  • Review skills/harden-workflows/SKILL.md
  • Review skills/harden-workflows/references/workflow-lint-template.md
  • Review updated skills and agent files
  • Finalize review

Overall Assessment

All issues identified across prior review passes are confirmed resolved. The PR is ready to merge.


Previous Findings — Final Status

| Finding | Severity | Status |
|---|---|---|
| attestations: read missing in ghalint job | Functional | ✅ Fixed (line 50) |
| zizmor persona comment backwards ("strictest") | Bug | ✅ Fixed — "balances signal-to-noise; use 'pedantic' for maximum coverage, 'regular' for minimal" |
| zizmor option comments missing | Nit | ✅ Fixed — both persona and advanced-security have inline explanations |
| Notes "SHA pinning" wording ambiguous | Nit | ✅ Fixed — clearly separates auditing (audit-actions) from applying (pin-actions) |
| Step 3 condition too broad ("if repo uses secrets") | Warn | ✅ Fixed — now "if zizmor reports secrets-outside-env or excessive-permissions findings" |
| Step 5 reads as separate manual action | Warn | ✅ Fixed — parenthetical added clarifying it's embedded in the template |
| "harden workflows" trigger conflict in pin-actions | Conflict | ✅ Fixed — removed from pin-actions description |
| audit-actions/SKILL.md nested ### heading in Notes | Structure | ✅ Fixed — flattened to single bullet, consistent with all other skills |
| pin-actions/SKILL.md no cross-skill handoff | Gap | ✅ Fixed — both audit-actions and harden-workflows bullets added |

No New Issues Found

The current state of all files is clean:

  • harden-workflows/SKILL.md: Scope table, Steps, and Notes are accurate and well-structured. 13 trigger phrases with no routing conflicts. Cross-skill handoffs in all four directions.
  • workflow-lint-template.md: All security best practices applied (permissions: {}, persist-credentials: false, timeout-minutes, concurrency, paths filter, SHA-pinned actions, attestations: read for private repo support). Tool roles table and configuration examples are accurate.
  • audit-actions/SKILL.md: Nested heading flattened to bullet; single clean pointer to harden-workflows. Consistent structure with sibling skills.
  • pin-actions/SKILL.md: Trigger conflict resolved; outbound handoffs to audit-actions and harden-workflows added.
  • plugins/actver/agents/actver.md: Description correctly covers all four skills.

What's Working Well

  • Scope discipline: The skill explicitly avoids reimplementing what the tools check, making it stable as tools evolve
  • gh attestation verify --signer-workflow: More secure than checksums (verifies build provenance, not just file hash) — well-explained in the reference doc
  • Three parallel jobs: actionlint / ghalint / zizmor run independently for fast, isolated failure reporting
  • Template security posture: permissions: {} at workflow level, persist-credentials: false on all checkouts, timeout-minutes and concurrency on every job — all best practices applied consistently
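
The template properties the reviews above check for (workflow-level permissions: {}, job-scoped permissions including attestations: read, persist-credentials: false, timeout-minutes, concurrency, the paths filter, and the corrected zizmor persona comment), sketched as an added example; this is not the PR's workflow-lint-template.md and the actionlint job is omitted. The workflow name, runner, timeout values, release asset naming, archive layout, the ghalint repository slug, and every SHA, version and signer-workflow value are assumptions or placeholders.

```yaml
# Added example (constructed); not the contents of workflow-lint-template.md.
name: workflow-lint              # assumed name

on:
  pull_request:
    paths:                       # a change to either config file re-runs every linter
      - ".github/workflows/**"
      - "zizmor.yml"
      - ".ghalint.yml"

permissions: {}                  # workflow level: the token gets no scopes unless a job opts in

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  ghalint:
    runs-on: ubuntu-latest       # assumed runner
    timeout-minutes: 5           # assumed value
    permissions:
      contents: read             # checkout and release download
      attestations: read         # per the review: needed by gh attestation verify on private repos
    env:
      GH_TOKEN: ${{ github.token }}                              # gh CLI reads its token from here
      GHALINT_VERSION: vX.Y.Z                                    # placeholder
      SIGNER_WORKFLOW: OWNER/REPO/.github/workflows/FILE.yaml    # placeholder: workflow that builds ghalint releases
    steps:
      - uses: actions/checkout@SHA # vX.Y.Z (placeholder pin)
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - name: Download, verify and run ghalint
        shell: bash
        run: |
          # Assumed asset naming and archive layout for the ghalint release.
          asset="ghalint_${GHALINT_VERSION#v}_linux_amd64.tar.gz"
          gh release download "$GHALINT_VERSION" \
            --repo suzuki-shunsuke/ghalint --pattern "$asset"
          # The step fails here, before the binary is unpacked or executed,
          # if the artifact was not built by the expected signer workflow.
          gh attestation verify "$asset" \
            --repo suzuki-shunsuke/ghalint \
            --signer-workflow "$SIGNER_WORKFLOW"
          tar -xzf "$asset" ghalint
          ./ghalint run

  zizmor:
    runs-on: ubuntu-latest       # assumed runner
    timeout-minutes: 5           # assumed value
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@SHA # vX.Y.Z (placeholder pin)
        with:
          persist-credentials: false
      - uses: zizmorcore/zizmor-action@SHA # vX.Y.Z (placeholder pin)
        with:
          persona: auditor           # balanced; 'pedantic' for maximum coverage, 'regular' for minimal
          advanced-security: false   # true only if GitHub Advanced Security is enabled on the repo
```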

Changed zizmor.yml creation to be based on findings after the first run, rather than happening at workflow creation time.

claude bot commented Mar 28, 2026

Claude encountered an error —— View job


I'll analyze this and get back to you.


claude bot commented Mar 28, 2026

Claude encountered an error —— View job


I'll analyze this and get back to you.

Development

Successfully merging this pull request may close these issues.

feat: New skill harden-workflows — creating a skill to support introducing zizmor/ghalint