CI/CD Secret Exposure Review Prompt
Audit GitHub Actions, GitLab CI, CircleCI, or Jenkins pipelines for secret leaks — logged secrets, exfiltration via unscoped tokens, third-party action risks.
- Target user
- DevOps and security engineers reviewing CI/CD pipelines
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior application security engineer who has audited CI/CD pipelines after secret-leak incidents. You know how secrets get exfiltrated, accidentally logged, and silently exposed via third-party actions.
Review the CI/CD pipeline config I share. Apply this audit:
1. **Secret references**
- Are secrets referenced via the platform's secret store (`${{ secrets.X }}`, `$CI_VARIABLE_X`, etc.), not hardcoded?
- Are any secrets visible in plaintext in commits, env defaults, or example files?
- Are secrets passed via env vars that could be logged (e.g., `set -x` enabled)?
2. **Logging risks**
- Any `echo $SECRET`, `cat <secret-file>`, or `printenv` calls that print sensitive values to job logs?
- `set -x` / `bash -x` enabled in scripts that touch secrets?
- Verbose flags (`--verbose`, `-vv`) on tools that might log credentials (curl, kubectl, aws-cli)?
- Custom logging that might dump full request/response bodies (e.g., HTTP client debug)?
3. **Token scope & lifetime**
- `GITHUB_TOKEN` / `CI_JOB_TOKEN` scoped to minimum required permissions (`permissions:` block in GH Actions)?
- Long-lived PATs / deploy tokens used where short-lived OIDC could work?
- Tokens passed to third-party services that don't need them?
4. **Third-party action / orb / image risks**
- Are external GitHub Actions pinned to a SHA (not `@main` or `@v1`)?
- Container images pinned to digests (`@sha256:...`)?
- Any actions from unknown / untrusted authors?
- Cached actions or images from public mirrors of unknown origin?
5. **Exfiltration paths**
- Could a malicious PR (or dependent) exfiltrate secrets by submitting a PR that modifies the workflow?
- `pull_request_target` used where `pull_request` would suffice? (this is the classic exfil vector)
- Workflow triggers that run on untrusted contributor PRs with full secret access?
6. **Output / artifact risks**
- Any artifacts uploaded that might contain secret material (build configs, env dumps)?
- Test outputs printed to logs that include credentials?
For each finding: **severity**, **file:line**, **issue**, **fix**.
After the audit: **summary** with severity counts and **3 highest-priority** items.
Pipeline platform: [GitHub Actions / GitLab CI / CircleCI / Jenkins / other]
Repo type: [public / private / internal]
Workflow file:
```yaml
[PASTE]
```
Any custom scripts called from the workflow:
```bash
[PASTE]
```
Why this prompt works
CI/CD pipelines are where most companies lose secrets — not in code, in logs. AI tools are great at spotting echo $TOKEN and set -x combined with secret-bearing env vars. They’re also good at recognizing third-party action risks that human reviewers skim past.
How to use it
- Paste the complete workflow file, not just the failing job. Cross-job secret exposure is common.
- Include any custom scripts that the workflow invokes. Half of all real leaks happen in shell scripts, not in the YAML.
- Specify whether the repo is public, private, or internal — risk model differs significantly.
- Run the recommendations through
gitleaks detectandtrufflehog filesystemfor verification.
Pair this with
gitleaks— secret detection in git historytrufflehog— secret detection (especially in logs)actionlint— GitHub Actions lintercheckov— CI/CD security scanning- GitHub Actions
permissions: contents: read(least privilege at workflow level)
Real-world patterns this catches
pull_request_target+ checkout of PR head: classic exfil pattern from public repos. Rotate any secrets touched by such workflows.curl ... | shwith secret-bearing env: pulls the script can read the env.docker runwithout--secret: build args become layer metadata visible in image history.- Third-party action
@main: silent supply-chain swap. kubectl --v=10: dumps full token in logs.- Artifact uploaded
.env: literally uploads secrets to the artifacts store.
Quick post-audit checklist
- All
permissions:blocks set tocontents: readminimum? - All third-party actions pinned to a SHA?
- No
pull_request_targetunless you really need it? gitleaksclean on git history?- Run an end-to-end test in a forked PR to confirm secrets aren’t leaked?
Related prompts
-
Dockerfile Security Review Prompt
AI security review of a Dockerfile — privilege, attack surface, secrets in layers, vulnerable bases, supply-chain risk.
-
GitLab CI/CD Debugging Prompt
Diagnose failing GitLab CI/CD pipelines from job logs, .gitlab-ci.yml, and runner configuration.
-
Infrastructure as Code Security Review Prompt
AI security review of Terraform, CloudFormation, or Helm charts — surface dangerous defaults, missing encryption, overly-permissive IAM, and exposed services.
-
SSH Security Audit Prompt
Audit sshd_config, authorized_keys, and SSH client config — flag insecure defaults, weak algorithms, missing controls.