GitHub Actions pull_request_target checking out untrusted code
pull_request_target runs with the base repo's secrets and a writable token. Checking out the PR head ref then executes untrusted fork code with those privileges - a serious security hole.
What this error means
A pull_request_target workflow checks out the PR head and runs build/test steps, meaning fork-controlled code runs with access to repository secrets.
github-actions
on: pull_request_target
jobs:
build:
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }} # runs untrusted code with secretsCommon causes
Checking out PR head under pull_request_target
The workflow uses pull_request_target (privileged) but checks out fork-controlled head code and executes it.
Running build steps on untrusted input
Untrusted scripts/dependencies from the PR run with secrets and a write token.
How to fix it
Do not execute untrusted code with secrets
- Use pull_request (not _target) to build/test fork code without secrets.
- If you must use pull_request_target, do not check out or run head code; only label/comment.
- Gate any privileged step behind a trusted-author / approval check.
.github/workflows/ci.yml
on: pull_request # untrusted build runs with a read-only token, no secrets
jobs:
test:
steps:
- uses: actions/checkout@v4
- run: npm ci && npm testHow to prevent it
- Never run untrusted fork code under pull_request_target.
- Keep secrets out of fork-triggered build/test.
- Separate privileged write-back from untrusted execution.
Related guides
GitHub Actions pull_request_target checks out untrusted fork codeFix the GitHub Actions security pitfall where pull_request_target runs with secrets but checking out the PR h…
GitHub Actions pull_request_target Checks Out Untrusted Fork CodeFix the GitHub Actions pull_request_target security pitfall - it runs with write permissions and secrets, so…
GitHub Actions "Resource not accessible by integration" on a fork PRFix GitHub Actions "Resource not accessible by integration" when a workflow triggered by a pull_request from…
GitHub Actions Fork PR Workflow Cannot Comment or Push (Read-Only Token)Fix GitHub Actions fork pull-request runs that cannot comment, label, or push - pull_request from a fork alwa…