
Worked on strengthening CI/CD security and secrets management for the SocketDev/socket-cli repository by hardening GitHub Actions workflows and improving environment secrets handling. Focused on mitigating template-injection vulnerabilities in YAML-based workflow files, pinning action SHAs, and introducing a Dependabot cooldown to enhance pipeline reliability. Developed and enforced a policy-driven approach to secrets management, minimizing exposure risk by restricting secrets usage to defined environments. Addressed workflow stability by synchronizing pnpm/action-setup SHAs and resolving ref-version mismatches. Suppressed known false positives in setup-node cache-poisoning, balancing security rules with practical test coverage. Utilized DevOps practices, YAML, and GitHub Actions throughout.
March 2026: Strengthened CI/CD security and secrets management for SocketDev/socket-cli, delivering concrete hardening of GitHub Actions workflows, improved environment secrets handling, and pipeline reliability. Key changes include template-injection mitigations in ci.yml and provenance.yml, pinned action SHAs and Dependabot cooldown, a policy for secrets in the environment, and suppression of known false positives in setup-node cache-poisoning to maintain stability.
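The three hardening patterns named above (expression injection in `run:` steps, action pinning, and environment-scoped secrets), plus the Dependabot cooldown, shown in one illustrative workflow. This is an added example, not socket-cli's actual `ci.yml`, `provenance.yml` or `dependabot.yml`; the job name, environment name `ci`, the secret name `SOCKET_TOKEN` and the `<pinned-commit-sha>` placeholders are assumptions.

```yaml
# .github/workflows/ci.yml (illustrative, not the project's own file)
name: ci-example
on:
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    # Assumed environment name. Secrets stored on a GitHub environment are only
    # exposed to jobs that declare it, which is the "policy-driven" restriction
    # described above: a job without `environment: ci` never sees SOCKET_TOKEN.
    environment: ci
    steps:
      # Pin to a full 40-character commit SHA, not a mutable tag such as @v4.
      # <pinned-commit-sha> is a placeholder; the real value comes from the
      # action's release commit. The trailing comment records the version it maps to.
      - uses: actions/checkout@<pinned-commit-sha> # v4
      - uses: pnpm/action-setup@<pinned-commit-sha> # v4
      - uses: actions/setup-node@<pinned-commit-sha> # v4
        with:
          node-version: 22
          cache: pnpm

      # UNSAFE pattern (kept commented out): the runner substitutes the
      # `${{ }}` expression into the script text *before* bash runs it, so
      # attacker-controlled event data (a PR title here) is interpreted as
      # shell syntax, not as data.
      # - run: echo "Building ${{ github.event.pull_request.title }}"

      # SAFE pattern: route the value through an environment variable. The
      # expression is evaluated into the env block, bash receives it as a
      # variable's contents, and double-quoting keeps it one argument.
      - name: Log PR title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Building $PR_TITLE"

      - name: Run tests with an environment-scoped secret
        env:
          SOCKET_TOKEN: ${{ secrets.SOCKET_TOKEN }} # assumed secret name
        run: pnpm test

---
# .github/dependabot.yml (illustrative): keeps the pinned SHAs above current
# while delaying adoption of a new action release by a cooldown period, so a
# freshly published (and possibly compromised) version is not pulled in on day one.
version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
    cooldown:
      default-days: 7
```

A practical check when reviewing a workflow for the injection pattern is to search every `run:` block for `${{` and confirm that any expression drawing on `github.event.*`, `github.head_ref` or similar user-controlled fields has been moved into an `env:` mapping. The SHA pin only holds its value if the version comment is kept in sync with the hash, which is the ref-version mismatch the summary above refers to; Dependabot updates both together.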
