Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)
ID: 72edeb0f-668b-5170-986f-fc6a8ea96e67
STIX ID: report--72edeb0f-668b-5170-986f-fc6a8ea96e67
Feed Name: Wiz Blog
**Executive summary:** This report analyzes GitHub Actions threat models and documents three major classes of incidents—pull_request_target misconfigurations enabling PR-based code execution, script/expression injection from unsanitized inputs, and compromised third-party actions—illustrating real supply-chain compromises (Trivy, Ultralytics, tj-actions) that led to secret exfiltration and widespread malware distribution.
