diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..7563f7a
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,25 @@
+name: "CI Checks"
+permissions: {}
+
+on: [push, pull_request]
+
+jobs:
+  markdownlint:
+    name: Markdownlint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run Markdownlint
+        uses: DavidAnson/markdownlint-cli2-action@v15
+        with:
+          globs: |
+            README.md
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@2.0.0
+        with:
+          scandir: './scripts'
\ No newline at end of file
diff --git a/README.md b/README.md
index ba6aabb..89a5dea 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
+<!-- markdownlint-disable MD013 -->
 # Public Key Cryptography Test Keys
 
 ![GitHub License](https://img.shields.io/github/license/thibmeu/rfc9500)
 
-
 [RFC 9500](https://www.rfc-editor.org/rfc/rfc9500.html) proposes a set of standard test keys. This repository presents the private and public keys, in different format to ease consumptions.
 
 ## Table of Content
diff --git a/scripts/generate.sh b/scripts/generate.sh
index 7eecca7..31b0cc0 100755
--- a/scripts/generate.sh
+++ b/scripts/generate.sh
@@ -5,9 +5,9 @@
 ########
 
 # Generate public keys
-for n in {1024,2048,4096}; do openssl dsa -in ./pem/testDLP${n}.pem -pubout -out ./pem/testDLP${n}.pub.pem;  done
-for n in {256,384,521}; do openssl ec -in ./pem/testECCP${n}.pem -pubout -out ./pem/testECCP${n}.pub.pem;  done
-for n in {1024,2048,4096}; do openssl rsa -in ./pem/testRSA${n}.pem -pubout -out ./pem/testRSA${n}.pub.pem;  done
+for n in {1024,2048,4096}; do openssl dsa -in "./pem/testDLP${n}.pem" -pubout -out "./pem/testDLP${n}.pub.pem";  done
+for n in {256,384,521}; do openssl ec -in "./pem/testECCP${n}.pem" -pubout -out "./pem/testECCP${n}.pub.pem";  done
+for n in {1024,2048,4096}; do openssl rsa -in "./pem/testRSA${n}.pem" -pubout -out "./pem/testRSA${n}.pub.pem";  done
 
 
 ########