GitHub Actions is the weakest link

A detailed analysis of recurring GitHub Actions supply chain attacks from late 2024 through early 2026, tracing how platform features like pull_request_target triggers, mutable action tags, template injection, and overly permissive default tokens enabled incidents affecting Ultralytics, tj-actions, nx, Trivy, and elementary-data. The author argues these are not bugs but dangerous-by-default design choices, and that concentrating trusted publishing (PyPI, npm, etc.) on OIDC from GitHub Actions has made workflow security the critical bottleneck for the entire open source ecosystem. GitHub's announced security roadmap is acknowledged but criticized for being opt-in and delayed. Practical mitigations include running zizmor, pinning action SHAs, setting read-only token permissions, and treating all untrusted user input as potential shell injection.