Skill Detail
Pin GitHub Actions and reusable workflow refs to immutable SHAs before CI changes merge with pinact
Rewrite mutable GitHub Actions refs to commit SHAs so workflow changes do not ship with drifting dependencies.
CI/CD IntegrationsMulti-Framework
CI/CD Integrations
Multi-Framework
Security Reviewed
β 917 GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill pin-github-actions-and-reusable-workflow-refs-to-immutable-shas-before-ci-changes-merge-with-pinact
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Tools required
pinact CLI, repository access to the target .github workflow files, and optional GitHub token access for API-backed pin resolution.
Install & setup
Install pinact from the upstream release or package instructions, run it in the repository root to rewrite GitHub workflow or composite action refs, then review the resulting diffs and annotation checks before merging.
Author
suzuki-shunsuke
Publisher
Individual
Last updated
Apr 17, 2026
Quick brief
Use pinact when an agent needs to harden GitHub workflow files by replacing mutable action refs with immutable commit SHAs, not when the user is just browsing Actions docs or running a generic workflow linter. The workflow is specific: inspect workflow and composite action files, pin third-party actions and reusable workflows, and optionally verify version annotations before merge. That scope boundary, automated immutable-ref enforcement for GitHub Actions files, keeps it skill-shaped and distinct from broader CI tooling.