Ensure using safe curl command without secrets

Using curl, a bad actor can send the secret to a website they own if they can obtain the secret in a workflow.

Risk Level: medium
Platform: Github
Spectral Rule ID: GHAC003

REMEDIATION

In job remove in run command the secrets pointer

Read more: