pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks

Executive Summary: What is pull_request_target?

GitHub Actions offers multiple triggers for running workflows. The pull_request_target trigger is often misunderstood and misused. Unlike pull_request, which runs workflows in the context of the forked branch with limited permissions, pull_request_target runs workflows in the context of the base repository, where secrets are exposed and the provided GITHUB_TOKEN typically …
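As an added example (not code from the article), a small Python auditor that flags the misconfiguration the summary describes: a workflow triggered by pull_request_target that checks out the pull request's head commit and then runs it, so fork-supplied code executes with the base repository's secrets. Both sample workflows are constructed, and the checks are line-oriented regexes rather than a full YAML parse.

```python
import re

# Constructed sample (not from the article): the classic misconfiguration.
# pull_request_target runs in the base repository with secrets available,
# yet the job checks out and executes code from the fork's head commit.
VULNERABLE_WORKFLOW = """\
name: CI
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install && npm test
"""

# Constructed sample: the same job on the pull_request trigger, which runs
# in the fork's context with limited permissions and no repository secrets.
SAFE_WORKFLOW = """\
name: CI
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm install && npm test
"""

PRT_TRIGGER = re.compile(r"^\s*pull_request_target\s*:", re.M)
FORK_HEAD = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
EXECUTES = re.compile(r"^\s*-?\s*run\s*:", re.M)


def audit_workflow(text: str) -> list[str]:
    """Return findings for one workflow file; empty list means nothing flagged."""
    findings = []
    if not PRT_TRIGGER.search(text):
        return findings  # plain pull_request workflows are out of scope here
    if FORK_HEAD.search(text):
        findings.append("pull_request_target workflow checks out the fork's head commit")
        if EXECUTES.search(text):
            findings.append("and runs a step on that checkout (untrusted code with base-repo secrets)")
    return findings
```

Run it over every file under .github/workflows/ in a repository to get a quick triage list; anything flagged deserves a manual review of what the checked-out code can reach.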