chore: add Pullfrog workflow file

[pullfrog]

This PR adds the .github/workflows/pullfrog.yml workflow file to enable Pullfrog agent runs in this repository.

Once merged, return to the Pullfrog console and click Verify workflow to finish setup.

Greptile Summary

This PR adds .github/workflows/pullfrog.yml to wire up the Pullfrog AI agent service, triggered manually via workflow_dispatch with a free-text prompt input.

• The workflow passes multiple optional LLM provider API keys (Anthropic, OpenAI, Gemini, etc.) from repository secrets to the pullfrog/pullfrog@v0 action, which runs on ubuntu-latest.
• The pullfrog/pullfrog action is pinned to the mutable @v0 floating tag rather than a specific commit SHA, introducing supply chain risk if the upstream tag is ever updated silently.
• The job requests id-token: write, which is worth confirming is strictly required by Pullfrog's authentication mechanism rather than just the API-key path.

Confidence Score: 4/5

Safe to merge for basic Pullfrog setup, but the mutable action tag and broad OIDC permission warrant a quick double-check before enabling in a production repository.

The change is a single, minimal workflow file with no logic beyond delegating to a third-party action. The main concerns are using a floating @v0 tag (supply chain) and the id-token: write permission that isn't confirmed to be strictly necessary — both are worth reviewing but neither blocks the workflow from functioning as intended.

.github/workflows/pullfrog.yml — specifically lines 21 (id-token: write) and 29 (pullfrog/pullfrog@v0).

Security Review

• Supply chain risk (.github/workflows/pullfrog.yml line 29): pullfrog/pullfrog@v0 is a mutable, floating tag. Any update the upstream maintainer pushes to that tag is automatically trusted and executed in the runner without repository-side review.
• Overly broad OIDC permission (.github/workflows/pullfrog.yml line 21): id-token: write enables OIDC token generation for cloud-provider authentication. If this is not required by Pullfrog's authentication flow, removing it would limit the privilege available to the third-party action.

Important Files Changed

Filename	Overview
.github/workflows/pullfrog.yml	New GitHub Actions workflow that enables the Pullfrog AI agent service; uses a mutable @v0 tag for the third-party action and requests id-token: write permission.

Prompt To Fix All With AI

Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 2
.github/workflows/pullfrog.yml:29
**Mutable tag for third-party action**

`pullfrog/pullfrog@v0` is a floating tag. If the upstream maintainer force-pushes or updates that tag, the new code will be pulled into every subsequent run without any review. GitHub's [security hardening guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) recommends pinning third-party actions to a full commit SHA (e.g., `pullfrog/pullfrog@<sha>`) so that the exact code being run is always auditable and immutable.

### Issue 2 of 2
.github/workflows/pullfrog.yml:21
**`id-token: write` grants OIDC token generation**

This permission allows the job to request OIDC tokens that can be used to authenticate with AWS, GCP, Azure, and other cloud providers without static credentials. While Pullfrog may need this for its own authentication flow, it's worth confirming this is actually required — if the agent only uses the API keys provided via `env`, this permission could be dropped to reduce the blast radius of a compromised action.

_{Reviews (1): Last reviewed commit: "chore: add Pullfrog workflow file" | Re-trigger Greptile}

Greptile also left 2 inline comments on this PR.

[greptile-apps]

id-token: write grants OIDC token generation

This permission allows the job to request OIDC tokens that can be used to authenticate with AWS, GCP, Azure, and other cloud providers without static credentials. While Pullfrog may need this for its own authentication flow, it's worth confirming this is actually required — if the agent only uses the API keys provided via env, this permission could be dropped to reduce the blast radius of a compromised action.

Prompt To Fix With AI

This is a comment left during a code review.
Path: .github/workflows/pullfrog.yml
Line: 21

Comment:
**`id-token: write` grants OIDC token generation**

This permission allows the job to request OIDC tokens that can be used to authenticate with AWS, GCP, Azure, and other cloud providers without static credentials. While Pullfrog may need this for its own authentication flow, it's worth confirming this is actually required — if the agent only uses the API keys provided via `env`, this permission could be dropped to reduce the blast radius of a compromised action.

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

[greptile-apps]

Mutable tag for third-party action

pullfrog/pullfrog@v0 is a floating tag. If the upstream maintainer force-pushes or updates that tag, the new code will be pulled into every subsequent run without any review. GitHub's security hardening guide recommends pinning third-party actions to a full commit SHA (e.g., pullfrog/pullfrog@<sha>) so that the exact code being run is always auditable and immutable.

Prompt To Fix With AI

This is a comment left during a code review.
Path: .github/workflows/pullfrog.yml
Line: 29

Comment:
**Mutable tag for third-party action**

`pullfrog/pullfrog@v0` is a floating tag. If the upstream maintainer force-pushes or updates that tag, the new code will be pulled into every subsequent run without any review. GitHub's [security hardening guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) recommends pinning third-party actions to a full commit SHA (e.g., `pullfrog/pullfrog@<sha>`) so that the exact code being run is always auditable and immutable.

How can I resolve this? If you propose a fix, please make it concise.