[sensitivefrost]

Bug bounty people (myself included, though mine's quite aged) have written scrapers on all the main popular CI/CD platforms, to automagically scrape tokens from logs & submit bug reports to get paid. Unsurprising if malicious actors have done the same.