by Belphemur 832 days ago
Sounds like outdated advice from the time before they implemented approval for running actions from PRs of untrusted people.

In the past, people could modify the GitHub action workflow and run crypto miners on the agents.

But since GitHub changed the default for PRs, where the actions aren't run anymore, that killed that attack vector.