Step 1
Fork & add malicious code

The attacker finds a repository whose workflow is triggered by pull_request_target and also checks out the pull request's code, forks it, and injects malicious build steps into the fork.

Step 2
Open a pull request

The attacker submits a pull request from the fork to the target repository. GitHub detects the event and schedules the privileged workflow.

Step 3
Trigger fires with elevated privileges

The workflow runs in the context of the base repository, which grants it:

GITHUB_TOKEN write access
Repository secrets
Trusted execution context

Step 4 · Critical mistake
Checkout code from the PR

actions/checkout fetches the code from the attacker's fork. Untrusted code is now on the runner alongside the elevated credentials.

Step 5
Attacker code executes

The malicious steps run as legitimate CI, with write access to the repository and full access to all declared secrets.

Vulnerable workflow snippet

    - uses: actions/checkout@v3
      with:
        ref: ${{ github.event.pull_request.head.sha }}   # ← attacker's fork
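As an added example, not code from the Datadog Security Labs page, the following Python script is a small dependency-free lint for the pattern described in steps 3 and 4: a workflow whose top-level on: block declares pull_request_target and whose actions/checkout step points ref or repository at the pull request head. The embedded workflows are constructed for illustration: the vulnerable one mirrors the snippet above, the hardened variant switches to the pull_request trigger (which runs in the fork's context without secrets or a write token), and a pull_request_target workflow that checks out only the base branch is left unflagged. All function and constant names are the example's own, and it scans line by line rather than parsing YAML, so flow-style step lists are out of scope.

```python
"""Lint for the pull_request_target + PR-head checkout pattern (added example,
not the Datadog Security Labs page's code). Line-based, no PyYAML assumed."""
import re
from typing import List

# Expressions that resolve to fork-controlled content on a pull_request_target run
UNTRUSTED_REF = re.compile(r"github\.(event\.pull_request\.head\.(sha|ref|repo)|head_ref)\b")
CHECKOUT_STEP = re.compile(r'''^\s*-?\s*uses:\s*["']?actions/checkout''')
TRIGGER = re.compile(r"\bpull_request_target\b")
TOP_LEVEL_ON = re.compile(r'''^["']?on["']?\s*:''')


def indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def strip_comment(line: str) -> str:
    """Drop a YAML comment ('#' at line start or after whitespace)."""
    return re.sub(r"(^|\s)#.*$", "", line)


def has_pr_target_trigger(lines: List[str]) -> bool:
    """True if the top-level on: block declares pull_request_target."""
    for i, line in enumerate(lines):
        if not TOP_LEVEL_ON.match(line):
            continue
        if TRIGGER.search(line):              # e.g. on: [pull_request_target]
            return True
        for cur in lines[i + 1:]:             # indented block under on:
            if cur.strip() and indent(cur) == 0:
                break
            if TRIGGER.search(cur):
                return True
    return False


def find_untrusted_checkouts(lines: List[str]) -> List[int]:
    """1-based lines of actions/checkout steps whose with: block points ref or
    repository at the pull request head (the critical mistake in step 4)."""
    findings = []
    for i, line in enumerate(lines):
        if not CHECKOUT_STEP.match(line):
            continue
        key_col = line.index("uses:")
        for cur in lines[i + 1:]:
            if not cur.strip():
                continue
            if indent(cur) < key_col:         # next step or end of the list
                break
            if UNTRUSTED_REF.search(cur):
                findings.append(i + 1)
                break
    return findings


def lint_workflow(text: str) -> List[int]:
    """Flagged checkout line numbers; [] unless both halves of the pattern are present."""
    lines = [strip_comment(l) for l in text.splitlines()]
    if not has_pr_target_trigger(lines):
        return []
    return find_untrusted_checkouts(lines)


# Constructed sample workflows (not real repositories).
VULNERABLE = """\
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # fork-controlled code
      - run: npm install && npm test
"""

# Hardened: pull_request runs in the fork's context, without secrets or a write token.
HARDENED = VULNERABLE.replace("pull_request_target:", "pull_request:")

# pull_request_target that only checks out the base branch: privileged, but not a pwn request.
BASE_ONLY = """\
on: [pull_request_target]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the base branch
        uses: actions/checkout@v3
      - run: ./scripts/label.sh
"""

if __name__ == "__main__":
    for name, text in [("VULNERABLE", VULNERABLE), ("HARDENED", HARDENED), ("BASE_ONLY", BASE_ONLY)]:
        print(name, "->", lint_workflow(text) or "clean")
```

Running the script reports line 8 of the vulnerable workflow and nothing for the other two. The lint deliberately requires both halves of the pattern: pull_request_target on its own is a legitimate trigger for jobs such as labelers that never execute fork code, and checking out the PR head is harmless under pull_request, so flagging either alone would drown the real finding in noise.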
Datadog Security Labs