
Generate SLSA build provenance in GitHub Actions

Attach signed SLSA provenance to GitHub Actions builds so release artifacts ship with verifiable supply-chain metadata.

Security & Verification Multi-Framework Security Reviewed
โญ 566 GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill generate-slsa-build-provenance-in-github-actions
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Tools required: GitHub Actions, SLSA GitHub Generator
Install & setup: Follow the repository setup for the relevant generator, add the recommended GitHub Actions workflow, then build artifacts and inspect the generated provenance attestation.
Author: SLSA maintainers
Publisher: Organization
Last updated: Apr 17, 2026
Quick brief

Use this skill when an agent needs to harden a GitHub Actions release pipeline by generating provenance attestations for build artifacts. It fits teams that already build in GitHub Actions and want downstream verification or policy enforcement.

How it works

What this skill actually does

Invoke this skill, rather than working from the SLSA GitHub Generator project directly, when the task is operational: add the workflow step, choose the supported generator path, produce provenance, and confirm the emitted attestation matches the built artifact.

This is skill-shaped because the scope is narrowly about provenance generation inside GitHub Actions. It is not a generic SLSA framework listing.
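
The last step described above, confirming that the emitted attestation matches the built artifact, can be sketched as follows. This is an added example, not code from the skill or from the SLSA GitHub Generator; it assumes the provenance is a DSSE envelope wrapping an in-toto statement, and the helper names and the sample envelope are constructed for illustration. It checks only the subject digest; signature and builder identity verification are out of scope here.

```python
import base64
import hashlib
import json

INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"


def load_statement(envelope_json: str) -> dict:
    """Decode the in-toto statement carried in a DSSE envelope (no signature check)."""
    envelope = json.loads(envelope_json)
    if envelope.get("payloadType") != INTOTO_PAYLOAD_TYPE:
        raise ValueError(f"unexpected payloadType: {envelope.get('payloadType')!r}")
    return json.loads(base64.b64decode(envelope["payload"], validate=True))


def subject_matches(statement: dict, artifact_name: str, artifact_bytes: bytes) -> bool:
    """True only if a subject with this name lists the artifact's SHA-256."""
    actual = hashlib.sha256(artifact_bytes).hexdigest()
    for subject in statement.get("subject", []):
        if subject.get("name") == artifact_name:
            return subject.get("digest", {}).get("sha256", "").lower() == actual
    return False  # the artifact is not named in the provenance at all


def make_sample_envelope(name: str, data: bytes) -> str:
    """Constructed sample: an unsigned envelope for one artifact (hypothetical helper)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": "https://slsa.dev/provenance/v0.2",
        "subject": [{"name": name, "digest": {"sha256": hashlib.sha256(data).hexdigest()}}],
        "predicate": {},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": INTOTO_PAYLOAD_TYPE, "payload": payload, "signatures": []})


if __name__ == "__main__":
    built = b"constructed release artifact contents\n"  # constructed sample artifact
    stmt = load_statement(make_sample_envelope("app.tar.gz", built))
    print("match:", subject_matches(stmt, "app.tar.gz", built))
    print("tampered:", subject_matches(stmt, "app.tar.gz", built + b"x"))
```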