Palo Alto says there's a way to build a GitHub Actions worm that can spread through and compromise GH projects... yey!

https://www.paloaltonetworks.com/blog/prisma-cloud/github-actions-worm-dependencies/

https://files.mastodon.social/media_attachments/files/111/064/839/960/054/524/original/194cbf4a1003dc2d.png