Cordyceps and GitHub Actions: When CI/CD Trust Boundaries Become the Supply Chain Attack
Novee's Cordyceps research is a reminder that GitHub Actions workflows are executable attack surface, not harmless YAML. Here is how to audit the trust boundary before an outside pull request borrows maintainer authority.