What can an attacker do with a stolen GitHub deploy key?
Let’s say I created a deploy key with write permissions to repository A.
Let’s say repository A has a protected master branch that has " Require a pull request before merging " enabled and “Allow force pushes” and “Allow deletion…