
Critical Secrets exfiltration vulnerability

Open darryk10 opened this issue 6 months ago • 1 comments

Hi, we found a critical vulnerability in one of the CI workflows in this repo. The repository remains vulnerable, allowing an attacker to exfiltrate secrets and a highly privileged GITHUB_TOKEN, potentially compromising the overall repository content. This would impact all the repo users. We are happy to coordinate for full disclosure and receive a proper CVE via GitHub Security Advisory (GHSA).

darryk10, Jul 11 '25 07:07

Thank you. I have enabled GHSA on this repo. Please report the issue you have found.

fgregg, Jul 28 '25 19:07