How does this siphon the secrets away? It looks like it just dumps them out to s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Everdred2dx on March 15, 2025 \| parent \| context \| favorite \| on: Tj-actions/changed-files GitHub Action Compromised... How does this siphon the secrets away? It looks like it just dumps them out to stdout and stops there.

varunsharma07 on March 15, 2025 [–]

Yes, just prints to the build log, so the risk is higher for public repos. Lot of public repos have creds printed in their build logs due to this compromised action.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact