Project compromises have common root causes we can mitigate: phishing, control handoff, and unsafe GitHub Actions triggers. | words.filippo.io