High-risk tools in Git Steer
6 of the 83 tools in Git Steer are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
actions_triggerExecuteManually trigger a workflow
-
cert_renewExecuteTrigger certificate renewal for expiring certificates. Deletes the certificate Secret to force cert-manager to re-issue, or creates a PR to update certificate manifests.
-
code_quality_sweepExecuteRun linters and SAST tools (ESLint, Ruff, gosec, Bandit) on a repository via GitHub Actions. Auto-detects language stack.
-
code_reviewExecuteRun AI-powered code review using CodeRabbit CLI. Reviews changes in a local git repository.
-
git_steer_actions_triggerExecuteTrigger a GitHub Actions workflow dispatch event.
-
security_fix_prExecuteDispatch a GitHub Actions workflow to fix security vulnerabilities (no local code needed - runs in ephemeral cloud compute)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.