Malware exploits compromised npm packages and manipulated GitHub Actions to exfiltrate tokens and credentials directly from CI/CD environments and developer repositories.
By default, GitHub blocks the automatic loading of code from forked pull requests in privileged workflows to prevent attackers from stealing GITHUB_TOKEN and environment variables.
Unauthenticated attackers can manipulate privileged processes and take over code repositories through insecure permission configurations in GitHub Actions.
actions/checkout v7 fails workflows that use pull_request_target or workflow_run with unverified fork code, a step toward a “Security by Default” philosophy.
Invisible HTML comments in GitHub Issues could trick Claude Code AI into reading protected environment variables like ANTHROPIC_API_KEY due to insufficient restrictions on the Read tool.