GitHub Actions Security: Avoiding pull_request_target Pitfalls in welcome-new-users.yml #77
Description
📌 Background
Recent research has highlighted a class of attacks targeting insecure GitHub Actions workflows, particularly those that use the pull_request_target trigger.
👉 Reference (thanks @mathieu-benoit for the notification):
These attacks (e.g. HackerBot-Claw) exploit workflows that:
- Run on
pull_request_target - Execute untrusted code from pull requests
- Have access to write permissions or secrets
This combination can lead to:
- Remote code execution (RCE)
- Token exfiltration
- Repository compromise
⚠️ The Problem
The pull_request_target event runs in the context of the base repository, meaning:
- It has access to secrets
- It uses a write-capable
GITHUB_TOKEN - It is NOT sandboxed like
pull_request
This becomes dangerous if the workflow:
- Checks out PR code (
actions/checkout) - Executes scripts from the PR
- Uses inputs controlled by the PR author
✅ Safe Use Case (Previous Setup)
Our original workflow used pull_request_target only to post comments (via wow-actions/welcome), without:
- Checking out code
- Running scripts
This is not directly vulnerable to the attack described above.
However, it still introduces a latent risk:
A future change (e.g. adding checkout) could instantly make it exploitable.
🛡️ Recommended Solution (Provably Safer)
We replace pull_request_target with pull_request, which:
- Runs in a restricted context
- Does not expose secrets to forks
- Uses a read-limited token by default
We also:
- Remove all unnecessary permissions
- Grant minimal per-job permissions
- Avoid executing any external or user-controlled code
✅ TL;DR
The safest workflow is one that never executes untrusted code and never has more permissions than it needs.
Switching from pull_request_target to pull_request eliminates an entire class of supply chain attacks, including the one described in the HackerBot-Claw research.