Actions Dangerous Expressions Scanner

Paste your GitHub Actions workflow or manifest below and get a report of dangerous uses of expressions in it.

Only expressions known to be controllable by attackers.

name: Example
on: [push]

jobs:
  example:
    name: example
    runs-on: ubuntu-latest
    steps:
    - name: Safe run
      run: echo 'Hello world!'
    - name: Unsafe run
      run: echo 'Hello ${{ inputs.name }}'

Report

Working...