litgpt
Secrets exfiltration vulnerability
Hi, we found a critical vulnerability in one of the CI workflows in this repo. We already submitted a GHSA to securely disclose all the information and the PoC to reproduce the issue. The repository is still vulnerable, and by exploiting the vulnerability, an attacker could exfiltrate secrets and a highly privileged GITHUB_TOKEN to revert the overall repo.
Let me know if we can provide any other information to fix it.