[franky47]

Close the PR, and if they open a new one, block them from the org.

There is a setting to prevent PRs from recently created accounts, you might want to turn that on too: https://docs.github.com/en/communities/moderating-comments-a...

[zacian]

Thank you, I've done this. I've discovered that many such repositories have been hit by spam and commits that inject RCE or Adware in the name of contributions.