1. SEC GitHub Workflow Flaw: Critical 'Pwn Request' Vulnerability in pr-loop.yml Exposes API Secrets
A critical security flaw in the SEC's GitHub Actions workflow, `pr-loop.yml`, creates a direct path for attackers to steal high-value API secrets, including the `ANTHROPIC_API_KEY` and `ALEXS_CODEX_KEY`. The vulnerability is a textbook 'pwn request' scenario, where the workflow's configuration grants it access to the r...