[hunter2_]

GitHub is indeed giving WeChat our information, but only when it looks just like WeChat secrets, and only once it's already publicly leaked (any leaked via private repo instead goes to the repo admin).

So technically the answer to GP is 'yes'.

[b4je7d7wb]

I dont think you can claim an API key is your information. It is quite by definition information created by WeChat and Github is sharing only that with them a few minutes before it shares it with bad actors.

[hunter2_]

It's not necessarily created by WeChat. It just needs to follow the same pattern as a key generated by WeChat (thus all the .* regex jokes here). It could very well be anyone's information, but information about to be public anyway (making "yes" the answer to the question "Isn't this information already public?").