A vulnerability discovered in GitHub Actions could allow an attacker to poison a developers pipeline, highlighting the risk that insecure software pipelines pose.