Prevent GITHUB_TOKEN from being stored in .git/config when checking out PR code in pull_request_target workflows. This is a security best practice to prevent untrusted code from potentially accessing stored credentials. While the Claude Code action doesn't execute arbitrary PR code, this follows defense-in-depth security principles to minimize attack surface when handling untrusted code from forks. |
||
|---|---|---|
| .. | ||
| ISSUE_TEMPLATE | ||
| workflows | ||
| pull_request_template.md | ||