| Input Format | Extract |
|---|---|
| | owner, repo; ref = default branch |
| | owner, repo, ref (branch, tag, or SHA) |
| | owner, repo; ref = default branch |
| | owner, repo; strip extra path segments |
| | Suggest: "Did you mean to analyze owner/repo?" |
Normalize the input before extracting `owner/repo` and `ref`: strip a leading `https://`, `http://`, or `www.` and a trailing `.git`.
Remote analysis requires an authenticated GitHub CLI (`gh auth status`; run `gh auth login` if not logged in). List the workflow files, keeping only `.yml` and `.yaml` names, then fetch each file's decoded contents; append `?ref={ref}` to the contents path to read a specific branch, tag, or SHA instead of the default branch:

```bash
gh api repos/{owner}/{repo}/contents/.github/workflows --paginate --jq '.[].name'
gh api repos/{owner}/{repo}/contents/.github/workflows/(unknown) --jq '.content | @base64d'
```

| Action Reference | Action Type |
|---|---|
| | Claude Code Action |
| | Gemini CLI |
| | Gemini CLI (legacy/archived) |
| | OpenAI Codex |
| | GitHub AI Inference |
| Vector | Name | Quick Check | Reference |
|---|---|---|---|
| A | Env Var Intermediary | | {baseDir}/references/vector-a-env-var-intermediary.md |
| B | Direct Expression Injection | Prompt or system prompt field contains | {baseDir}/references/vector-b-direct-expression-injection.md |
| C | CLI Data Fetch | Prompt text contains | {baseDir}/references/vector-c-cli-data-fetch.md |
| D | PR Target + Checkout | | {baseDir}/references/vector-d-pr-target-checkout.md |
| E | Error Log Injection | CI logs, build output, or | {baseDir}/references/vector-e-error-log-injection.md |
| F | Subshell Expansion | Tool restriction list includes commands supporting | {baseDir}/references/vector-f-subshell-expansion.md |
| G | Eval of AI Output | | {baseDir}/references/vector-g-eval-of-ai-output.md |
| H | Dangerous Sandbox Configs | | {baseDir}/references/vector-h-dangerous-sandbox-configs.md |
| I | Wildcard Allowlists | | {baseDir}/references/vector-i-wildcard-allowlists.md |
### Env Var Intermediary

Location fields: `.github/workflows/review.yml`, `jobs.review.steps[0]`

**Analyzed X workflows containing Y AI action instances. Found Z findings: N High, M Medium, P Low, Q Info.**

### .github/workflows/review.yml

## Remote Analysis: owner/repo (@ref)

https://github.com/owner/repo/blob/{ref}/.github/workflows/(unknown)

Source: owner/repo/.github/workflows/(unknown)

Vector reference documents: `{baseDir}/references/vector-{a..i}-*.md`