What happens if my workflow has security issues?

The skill will audit your .github/workflows directory, point out specific vulnerabilities like hardcoded secrets or overly broad IAM roles, and propose secure code replacements.

Does this skill support OIDC authentication?

Absolutely. It validates that workflows correctly configure the 'id-token: write' permission required for GitHub to authenticate with GCP via OIDC.

Can it help with Vertex AI deployments?

Yes, it includes specific patterns and validation logic for deploying agents and models to Vertex AI securely using Google Cloud's modern CI/CD standards.

GitHub Actions GCP Validator

Name: GitHub Actions GCP Validator
Author: Brmbobo

byBrmbobo

0•

Deployment & DevOps

Secures and validates GitHub Actions workflows for Google Cloud and Vertex AI deployments using Workload Identity Federation.

The GitHub Actions GCP Validator skill is designed to audit, harden, and automate CI/CD pipelines targeting Google Cloud Platform. It prioritizes security by replacing risky, long-lived service account keys with Workload Identity Federation (WIF) and OIDC authentication. The skill helps developers implement least-privilege IAM roles, integrate security scans, and ensure that Vertex AI deployments follow enterprise-grade best practices for automation and infrastructure safety.

Key Features

01Enforces Workload Identity Federation (WIF) to eliminate static JSON keys

02Audits GitHub Actions workflows for security vulnerabilities and credential leaks

03Validates OIDC permissions and least-privilege IAM role assignments

04Automates secure deployment patterns for Vertex AI and Cloud Run

05Integrates CI checks, secret detection, and post-deployment health monitoring

060 GitHub stars

Use Cases

01Securing Vertex AI agent deployments with enterprise-grade IAM and security controls

02Migrating legacy CI/CD pipelines from service account keys to secure OIDC-based authentication

03Performing security audits on existing GitHub workflows to ensure compliance with GCP best practices

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add brmbobo/web2podcast gh-actions-validator

For use in Claude.ai and ChatGPT

Key Features

01Enforces Workload Identity Federation (WIF) to eliminate static JSON keys

02Audits GitHub Actions workflows for security vulnerabilities and credential leaks

03Validates OIDC permissions and least-privilege IAM role assignments

04Automates secure deployment patterns for Vertex AI and Cloud Run

05Integrates CI checks, secret detection, and post-deployment health monitoring

060 GitHub stars

Use Cases

01Securing Vertex AI agent deployments with enterprise-grade IAM and security controls

02Migrating legacy CI/CD pipelines from service account keys to secure OIDC-based authentication

03Performing security audits on existing GitHub workflows to ensure compliance with GCP best practices

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add brmbobo/web2podcast gh-actions-validator

For use in Claude.ai and ChatGPT