
This is more subtle, but there is an "author_association" field within Actions event contexts that can be one of:

NONE, CONTRIBUTOR, COLLABORATOR, MEMBER, OWNER

There are some cases where people use checks for that as part of gating for workflows that run on pull_request_target/issue_comment, but might confuse contributor and collaborator (which requires explicitly adding someone to the repository). Ultimately this is a misconfiguration on the part of the maintainer, but another example where fixing a typo can play a part in an attack.
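As an added illustration (not part of the thread, and not from any real repository), here is what such a gate looks like in a GitHub Actions workflow: the mistaken CONTRIBUTOR check beside the intended allow-list. The workflow name, job names and step contents are assumed; the `github.event.comment.author_association` and `github.event.pull_request.author_association` paths are the real event-payload locations of the field the comment describes.

```yaml
# Added example: gating a privileged job on issue_comment by author_association.
# For a pull_request_target workflow the same field lives at
# github.event.pull_request.author_association instead.
name: triage-command
on:
  issue_comment:
    types: [created]

jobs:
  # Mistaken gate: CONTRIBUTOR only means the commenter has previously had
  # some commit merged into this repository (a one-line typo fix is enough),
  # so it is not a trust boundary. NONE would of course be worse still.
  weak-gate:
    if: >-
      github.event.issue.pull_request &&
      github.event.comment.author_association == 'CONTRIBUTOR'
    runs-on: ubuntu-latest
    steps:
      - run: echo "reachable by any account with one merged commit"

  # Intended gate: COLLABORATOR requires an explicit repository invitation,
  # and MEMBER / OWNER are organization-level roles. Using an explicit
  # allow-list also rejects any value not named here (for example
  # FIRST_TIME_CONTRIBUTOR), rather than relying on a single equality check.
  strong-gate:
    if: >-
      github.event.issue.pull_request &&
      contains(fromJSON('["COLLABORATOR","MEMBER","OWNER"]'), github.event.comment.author_association)
    runs-on: ubuntu-latest
    steps:
      - run: echo "privileged step requested by ${{ github.event.comment.user.login }}"
```

The `if:` expression is evaluated before any step runs, so the untrusted comment never reaches the privileged job; review the gate whenever the trigger is `issue_comment` or `pull_request_target`, since those are the events where the token carries write access.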



Thanks, that makes more sense than automatically granting privileges. It definitely seems easy to mix up those two terms, however!



