# GH_CanPwnRequest

> [Computed] Repo role can exploit a pwn-requestable workflow to execute arbitrary code with the target's secrets and permissions — GH_RepoRole → GH_Repository / GH_Branch

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Edge Schema

* Source: [GH\_RepoRole](/opengraph/extensions/github/nodes/gh_reporole)
* Destination: [GH\_Repository](/opengraph/extensions/github/nodes/gh_repository), [GH\_Branch](/opengraph/extensions/github/nodes/gh_branch)
* Traversable: ✅

## General Information

The traversable GH\_CanPwnRequest edge indicates that a repository role can exploit a pwn-requestable workflow to execute arbitrary code with the base branch's secrets, `GITHUB_TOKEN` permissions, and OIDC identity. This is a computed edge that combines workflow analysis with repository access and fork policy evaluation.

### Pwn Request Conditions

A workflow is considered pwn-requestable (`is_pwn_requestable = true`) when **all** of the following are true:

1. **`pull_request_target` trigger**: The workflow is triggered by `pull_request_target`, which runs in the context of the base branch and has access to the base branch's secrets and permissions.
2. **Attacker-controlled checkout**: A step uses `actions/checkout` with a `ref` parameter pointing to the pull request head, meaning attacker-supplied code from the fork replaces the trusted repository contents. Detected ref patterns:
   * `${{ github.event.pull_request.head.sha }}`
   * `${{ github.event.pull_request.head.ref }}`
   * `${{ github.head_ref }}`
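The two conditions above, turned into a detection check (an added example, not BloodHound's collector code). It takes workflows already parsed into Python mappings, as `yaml.safe_load` returns them; the sample workflows, the function names and the extra `id-token: write` check from the caveats section are constructed for illustration.

```python
import re
# Checkout refs the page lists as attacker-controlled (the PR head from the fork).
HEAD_REF_PATTERNS = [
    re.compile(r"\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}"),
    re.compile(r"\$\{\{\s*github\.head_ref\s*\}\}"),
]

def has_pull_request_target(workflow: dict) -> bool:
    """Condition 1: the workflow is triggered by pull_request_target."""
    # PyYAML (YAML 1.1) loads a bare `on:` key as boolean True, so accept both forms.
    triggers = workflow.get("on", workflow.get(True))
    if isinstance(triggers, str):
        return triggers == "pull_request_target"
    return isinstance(triggers, (list, dict)) and "pull_request_target" in triggers

def checks_out_pr_head(step: dict) -> bool:
    """Condition 2: actions/checkout whose `ref` input points at the PR head."""
    if not str(step.get("uses", "")).startswith("actions/checkout"):
        return False
    ref = str((step.get("with") or {}).get("ref", ""))
    return any(p.search(ref) for p in HEAD_REF_PATTERNS)

def is_pwn_requestable(workflow: dict) -> bool:
    """Both conditions hold for at least one step of at least one job."""
    if not has_pull_request_target(workflow):
        return False
    return any(checks_out_pr_head(step)
               for job in (workflow.get("jobs") or {}).values()
               for step in (job.get("steps") or []))

def requests_oidc_token(workflow: dict) -> bool:
    """Caveat check: `id-token: write` declared at workflow or job level."""
    scopes = [workflow.get("permissions")]
    scopes += [j.get("permissions") for j in (workflow.get("jobs") or {}).values()]
    return any(isinstance(p, dict) and p.get("id-token") == "write" for p in scopes)

# Constructed sample workflows, shaped as yaml.safe_load would return them.
VULNERABLE = {
    "on": {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "permissions": {"contents": "read", "id-token": "write"},
    "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4",
         "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
        {"run": "npm ci && npm test"},  # fork-supplied code runs with base secrets
    ]}},
}
SAFE = {"on": ["pull_request_target"],  # same trigger, checkout stays on trusted base
        "jobs": {"test": {"steps": [{"uses": "actions/checkout@v4"}, {"run": "npm test"}]}}}
```

`is_pwn_requestable(VULNERABLE)` is true and `is_pwn_requestable(SAFE)` is false; the trigger alone is not the finding, the fork-controlled checkout is.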

### Edge Drawing Conditions

An edge is drawn from a [GH\_RepoRole](/opengraph/extensions/github/nodes/gh_reporole) to the repository and its branches when:

1. **Read access**: The role has a [GH\_ReadRepoContents](/opengraph/extensions/github/edges/gh_readrepocontents) edge to the repository.
2. **Forkability**: The repository can be forked by the role holder.
3. **Pwn-requestable workflow**: The repository has at least one workflow with `is_pwn_requestable = true`.

### Attack Impact

An attacker who exploits a pwn request gains code execution in the workflow runner with access to:

* **Repository secrets** scoped to the base branch
* **Organization secrets** accessible by the repository
* **`GITHUB_TOKEN`** with the workflow's declared permissions
* **OIDC tokens** if `id-token: write` is set, enabling cloud identity assumption via [GH\_CanAssumeIdentity](/opengraph/extensions/github/edges/gh_canassumeidentity)
* **Environment secrets** if the workflow job targets a deployment environment

### Caveats

* **OIDC traversal requires `id-token: write`**: The attack chain from GH\_CanPwnRequest through [GH\_CanAssumeIdentity](/opengraph/extensions/github/edges/gh_canassumeidentity) to a cloud role is only valid if the pwn-requestable workflow or job explicitly declares `id-token: write`.
* **`GITHUB_TOKEN` permissions**: The `permissions:` block controls what the token can do, but does not limit secret access, OIDC token requests, or arbitrary code execution.

```mermaid
graph LR
    role("GH_RepoRole repo-read")
    repo("GH_Repository private-app")
    branch("GH_Branch main")
    wf("GH_Workflow vulnerable-ci.yml")
    secret("GH_RepoSecret DEPLOY_KEY")
    cloud("AWSRole deploy-prod")

    role -- GH_CanPwnRequest --> repo
    role -- GH_CanPwnRequest --> branch
    repo -.-|GH_HasWorkflow| wf
    repo -.-|GH_Contains| secret
    branch -- GH_CanAssumeIdentity --> cloud
```
