Public repo > infect by merge > github runner picks up and gets infected > and github action (from a repo) that then runs on runner getw effected