8 accounts open 36 near-identical PRs (docs: add donation files), burying the real attack in noise.
PR #2155 (docs: add template) comes from a now-deleted fork. Only a gap in the PR numbering remains:
The Docs Preview (Netlify) job runs untrusted fork code with repository secrets via pull_request_target. The attacker hides JS in the docs build.
CI executes the payload, which fetches and evals a second stage from a paste service:
/proc/*/environ for INPUT_GITHUB-TOKEN, NETLIFY_AUTH_TOKEN, NETLIFY_SITE_IDactions/checkout@v5 (dist/index.js) to grab credentials at pipeline exitrentry[.]co/elzoteboThe attacker steals asyncapi-bot's GitHub release token, and likely the project's Netlify credentials.