Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security.

GitHub Actions security flaws pose major risks

The report found the GitHub Actions marketplace's security posture to be especially concerning, with most custom Actions not verified, maintained by one developer, or generating low security scores based on OpenSSF Scorecard.
Source: Help Net Security