Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Lifecycle Timeline
5DescriptionGitHub Advisory
Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIM_RS_BOT_PRIVATE_KEY and GITHUB_TOKEN (contents:write). No gates prevent exploitation - any GitHub user can trigger this by opening a pull request from a fork. This vulnerability is fixed with commit bf63404ad51985b00ed304690ba9d477860a5a75.
AnalysisAI
GitHub Actions workflow injection in Skim's CI pipeline allows remote code execution with elevated privileges when any GitHub user opens a pull request from a fork. The vulnerable generate-files job automatically checks out and executes attacker-controlled Rust code (via cargo run) with access to SKIM_RS_BOT_PRIVATE_KEY secret and GITHUB_TOKEN with contents:write permissions, enabling repository compromise. User interaction (maintainer reviewing the PR) is required for context, though the exploit executes automatically on PR creation. Patch available via commit bf63404, no active exploitation confirmed at time of analysis.
Technical ContextAI
This is a CI/CD pipeline injection vulnerability (CWE-94: Improper Control of Generation of Code) in GitHub Actions workflows. The .github/workflows/pr.yml file contains a generate-files job that uses actions/checkout to fetch code from pull request branches, including those from untrusted forks. The workflow then executes cargo run (Rust's build-and-run command) against this attacker-controlled code without any sandboxing or approval gates. GitHub Actions secrets (SKIM_RS_BOT_PRIVATE_KEY and GITHUB_TOKEN) are exposed to the workflow context, making them accessible to the malicious code during execution. This represents a common class of supply chain security issues where CI systems trust fork contributions without proper isolation. The affected product is skim-rs/skim, a Rust-based fuzzy finder tool, though the vulnerability exists in the development infrastructure rather than the distributed binary.
RemediationAI
Apply the vendor-released patch by updating to commit bf63404ad51985b00ed304690ba9d477860a5a75 or later from the skim-rs/skim repository (https://github.com/skim-rs/skim/commit/bf63404ad51985b00ed304690ba9d477860a5a75). The fix likely restricts actions/checkout to prevent automatic execution of fork code or adds approval requirements for workflows triggered by pull_request_target events. For organizations unable to patch immediately, compensating controls include: (1) disable the generate-files job in .github/workflows/pr.yml entirely until patched, which breaks automated file generation but prevents exploitation; (2) require manual approval for all fork-originated workflow runs via repository settings under Actions → General → Fork pull request workflows, though this may still expose secrets if misconfigured; (3) rotate SKIM_RS_BOT_PRIVATE_KEY and review GITHUB_TOKEN recent activity for unauthorized commits or releases. Note that disabling the workflow job may impact development velocity if file generation is part of the testing process. Organizations should audit all workflows using actions/checkout with pull_request or pull_request_target triggers for similar issues.
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25596