The recent supply chain attack on GitHub has raised significant concerns regarding the security of CI/CD pipelines. The attack, characterized as sophisticated, involved the insertion of a base64-encoded payload into an install script that exposed CI workflow secrets in public repository logs. While this attack appears to have been executed in a way that minimized damage, it highlights the vulnerabilities tied to the reliance on various third-party packages and actions that could be created without rigorous oversight. Users are expressing frustration over the lack of clear accountability and trust in the community-driven actions and packages used within GitHub workflows. Suggestions for GitHub to improve security include implementing immutable action enforcement and reevaluating the trust model surrounding community actions. Overall, this incident brings to light the critical importance of security in software development processes, especially as reliance on open-source contributions continues to grow.