GitHub Actions fork pull requests: where privileged workflows break

TL;DR: A single pull request from a fork can turn GitHub Actions workflows into code execution, token theft, secret exposure, and repository compromise across Microsoft, Google, Nvidia, and others, according to Orca Security. The problem is not the fork itself but the assumption that untrusted pull request code can safely enter privileged workflows.

NHIMG editorial — based on content published by Orca Security: GitHub Actions pwn requests and privileged workflow exploitation

By the numbers:

• Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems.

Questions worth separating out

Q: How should security teams stop forked pull requests from reaching privileged GitHub Actions jobs?

A: Security teams should separate validation from privilege.

Q: Why do GitHub Actions misconfigurations create so much lateral movement risk?

A: They create lateral movement risk because a workflow runner can inherit access to repository writes, tokens, secret stores, and sometimes cloud credentials.

Q: What do security teams get wrong about pull_request_target workflows?

A: Teams often assume the trigger is safe if the workflow looks familiar or uses reusable components.

Practitioner guidance

• Split untrusted and privileged jobs Run forked pull request validation in a non-privileged workflow with no write permissions, no release credentials, and no deployment environment access.
• Remove checkout before trust checks Validate branch origin, event type, and repository source before any checkout of contributor-controlled code occurs in a job with elevated permissions.
• Treat workflow tokens as NHI credentials Inventory GITHUB_TOKEN usage, reusable workflow permissions, and environment secrets as non-human identities with explicit scope and expiration.

What's in the full article

Orca Security's full blog post covers the operational detail this post intentionally leaves for the source:

• Step-by-step exploit paths for Microsoft, Google Cloud, and Nvidia repositories
• Workflow snippets showing how pull_request_target was misused in real jobs
• Specific mitigation patterns such as label gates, environment protections, and repository-level restrictions
• Disclosure timelines and repository-specific fixes that are useful for incident response teams

👉 Read Orca Security's analysis of GitHub Actions pwn request exploitation →

GitHub Actions fork pull requests: where privileged workflows break?

Explore further

View Full Forum →  |  NHI Foundation Course →