Scan a repository's GitHub Actions workflows for insecure patterns and vulnerable third-party action versions using Endor Labs. Use when the user says "scan GitHub Actions", "workflow security", "endor ghactions", "insecure CI workflow", "vulnerable action version", "harden my GHA workflows", or focuses on `.github/workflows` without asking for a full dependency or secrets scan. Do NOT use for combined supply chain reports (/endor-supply-chain), generic quick scans (/endor-scan), adding Endor to pipelines (/endor-cicd), or dependency-only checks (/endor-check).