@Sinjo @SilverEagle One issue is that when eg actions/checkout persists credentials by default it has been discovered to be included in quite a few artifacts: https://www.bleepingcomputer.com/news/security/github-actions-artifacts-found-leaking-auth-tokens-in-popular-projects/