GitHub Actions Security Reminder
non-blocking stable
Fires when Claude Code edits a GitHub Actions workflow file. Non-blocking reminder about command injection risks, untrusted input in run: steps, and the SAFE pattern (env: with proper quoting vs direct ${{ expression }} interpolation).
ai hooks run security-reminder
Event
PreToolUse Language python Trigger file-pattern — .github/workflows/*.yml Side effects - emits security guidance to stderr
linuxmacoswindows Logic is cross-platform. Wiring: use 'ai hooks run security-reminder' in settings.json — the ai binary discovers Python on each OS. Pure Python; writes to stderr. Works on all platforms.
securitygithub-actionsciclaude-code
Attribution: convergent-systems-key.