Ya, but I doubt that is the case with actions, because I don't think you really have full access to everything. You provide a yaml file and their software runs that yaml which could easily exclude any dangerous commands. Plus, github offers a hosted runner service where you pay for a dedicated VM to run your actions in. So that makes it seem like actions are probably run together on larger VMs by default.
> I don't think you really have full access to everything
You do.
> their software runs that yaml which could easily exclude any dangerous commands
Categorizing dangerous commands is impossible to do accurately by just looking at a yaml file.
> Plus, github offers a hosted runner service where you pay for a dedicated VM to run your actions in. So that makes it seem like actions are probably run together on larger VMs by default.
I'm not sure what this means. The paid hosted runners are not any different from the free hosted runners, but free runners can only be used on public repos.
