March 28, 2026·OpenSyber Team·8 min read

The One GitHub Actions Misconfiguration Behind Every Major Supply Chain Attack


Six major supply chain incidents in the past year share the same root cause: a GitHub Actions workflow triggered by pull_request_target that checks out and runs code from a fork pull request. pull_request_target exists so that a workflow can act on an untrusted PR with the base repository's privileges (its secrets and a write-capable GITHUB_TOKEN); the moment such a workflow checks out the PR head and executes it, the PR author is running arbitrary code with those privileges. The pattern is the same every time, and it is still the most common misconfiguration in open source CI/CD.

The dangerous pattern

Dangerous — do not use

on:
  pull_request_target:
    types: [opened, synchronize]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # Fork-controlled commit, not the base branch
      - run: npm test  # Executes whatever the fork put in package.json scripts, with the base repo's secrets and write token

The safe pattern

Safe — use this instead

on:
  pull_request:  # Not pull_request_target
    types: [opened, synchronize]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4  # Default ref is the PR merge commit; fine, because this job has nothing to steal
      - run: npm test  # Fork PRs get a read-only GITHUB_TOKEN and no repository secrets

If the workflow genuinely needs secrets (to publish, or to comment on the PR), keep pull_request_target but never check out or execute the fork's code in that job, or split the work: a pull_request workflow does the untrusted build and a separate workflow_run workflow consumes its artifacts with secrets.
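The check that separates the two patterns above is mechanical: is the workflow triggered by pull_request_target, and does an actions/checkout step in it point at the PR head? The script below is an added example written for this article, not OpenSyber's Workflow Trigger Auditor or any GitHub tooling. It scans workflow text line by line (no YAML library, so it is a heuristic and will miss triggers or refs hidden behind anchors or multi-line strings), flags only the combination of the two halves, and is exercised on three constructed workflows: the dangerous and safe patterns from the page and a labeler that uses pull_request_target without ever touching fork code.

```python
"""Heuristic auditor for the pull_request_target + fork-checkout pattern.

Added example for this article, not OpenSyber's Workflow Trigger Auditor.
Line-oriented scan with no YAML library, so it misses workflows that hide
the trigger or the ref behind YAML anchors, multi-line strings or unusual
formatting.
"""
import re

# Expressions that resolve to code the PR author (i.e. the fork) controls.
FORK_REF_PATTERNS = (
    "github.event.pull_request.head",   # .sha, .ref, .repo.full_name
    "github.head_ref",
    "refs/pull/",                       # refs/pull/<n>/head or /merge
)


def _indent(line):
    return len(line) - len(line.lstrip())


def workflow_triggers(text):
    """Event names in the top-level `on:` block: handles `on: push`,
    `on: [push, pull_request_target]` and the block mapping / block list
    forms. Nested keys (types:, branches:) are skipped."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*?)\s*$", line)
        if not m:
            continue
        rest = m.group(1).split("#")[0].strip()
        if rest.startswith("["):
            return {t.strip() for t in rest.strip("[]").split(",") if t.strip()}
        if rest:
            return {rest}
        found, child_indent = set(), None
        for nxt in lines[i + 1:]:
            stripped = nxt.strip()
            if not stripped or stripped.startswith("#"):
                continue
            if _indent(nxt) == 0:           # next top-level key ends the block
                break
            child_indent = child_indent or _indent(nxt)
            if _indent(nxt) == child_indent:
                found.add(stripped.lstrip("- ").split(":")[0].strip())
        return found
    return set()


def fork_checkouts(text):
    """(line_no, value) for every actions/checkout step whose `ref:` or
    `repository:` points at the PR head instead of the base branch."""
    findings, in_checkout, step_indent = [], False, None
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("- "):       # a new list item starts a new step
            in_checkout, step_indent = False, _indent(line)
            stripped = stripped[2:].strip()
        elif step_indent is None or _indent(line) <= step_indent:
            in_checkout = False             # left the steps list entirely
            continue
        if re.match(r"uses:\s*['\"]?actions/checkout", stripped):
            in_checkout = True
        elif in_checkout:
            m = re.match(r"(?:ref|repository):\s*(.+)$", stripped)
            if m and any(p in m.group(1) for p in FORK_REF_PATTERNS):
                findings.append((n, m.group(1).strip()))
    return findings


def audit(text):
    """Findings for the article's pattern: pull_request_target AND a checkout
    of the PR head. Either half alone is not flagged: a pull_request workflow
    gets no secrets, and pull_request_target with a default checkout runs the
    base branch's code, which the fork cannot change."""
    if "pull_request_target" not in workflow_triggers(text):
        return []
    return [f"line {n}: pull_request_target workflow checks out fork-controlled code ({ref})"
            for n, ref in fork_checkouts(text)]


# Constructed sample workflows (not taken from any real repository).
DANGEROUS = """\
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm test
"""
SAFE = DANGEROUS.replace("pull_request_target:", "pull_request:")
LABELER = """\
on: [pull_request_target, push]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout base branch
        uses: actions/checkout@v4
      - run: ./scripts/label.sh
"""

if __name__ == "__main__":
    for name, wf in (("dangerous", DANGEROUS), ("safe", SAFE), ("labeler", LABELER)):
        print(f"{name}: {audit(wf) or 'no findings'}")
```

Run it over a repository with something like `for f in .github/workflows/*.yml; do python auditor.py "$f"; done` after replacing the sample constants with a file read. The labeler case is the one worth noticing: pull_request_target on its own is not the bug, and a scanner that flags every occurrence will train maintainers to ignore it. What this scanner does not cover is the other pull_request_target failure mode, where no code is checked out but a PR-controlled field such as the title or branch name is interpolated into a `run:` step; that is a script injection, and needs a separate check.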

6 incidents, same root cause

1. Trivy (Aqua Security)

Fork PR triggered a workflow that exposed container registry credentials via pull_request_target.

2. tj-actions/changed-files

Compromised action tag injected a credential-harvesting step into thousands of downstream workflows.

3. Ultralytics

Fork PR ran untrusted code in a privileged workflow context, leaking PyPI publishing tokens.

4. Cline (VS Code Extension)

Pull request from a fork executed build scripts with access to the extension marketplace signing key.

5. Checkmarx

CI workflow ran fork-submitted test code that exfiltrated environment secrets to an external endpoint.

6. ambient-code

A fork PR modified the build script, which ran with elevated permissions and leaked API tokens.

How OpenSyber prevents this

The Workflow Trigger Auditor skill scans every GitHub Actions workflow file in your repository and flags any use of pull_request_target that checks out fork code. It runs on every push and PR, providing immediate feedback before the misconfiguration reaches production. Combined with the CI/CD Supply Chain Guardian, it covers the full spectrum of workflow-level supply chain risks.

Audit your workflows before attackers do.

Install the Workflow Trigger Auditor from the OpenSyber Skill Marketplace.
