Design Flaw in GitHub Actions Poses Security Risk

According to Google Project Zero researcher Felix Wilhelm, a GitHub Action design flaw can enable hackers to write to your repositories and can also be used to reveal encrypted secrets.

GitHub Actions that print untrusted content as part of their execution are vulnerable to remote code execution.

Read more at The New Stack.