Ensure using safe curl command without secrets

Using curl, a bad actor can send the secret to a website they own if they can obtain the secret in a workflow.

Risk Level: medium
Platform: Github
Spectral Rule ID: GHAC003

REMEDIATION

In job remove in run command the secrets pointer

Read more:

https://docs.github.com/en/actions/security-guides/encrypted-secrets

Updated almost 2 years ago