The day is still young. But in we already had...

Weirdo one: adds 7 comments to the first commit on GitHub. The comments look like maybe a file listing of files that existed in that first git commit?

Banned.

Weirdo two: creates a new issue from a short (seemingly random) comment someone did in an ongoing open PR. Adding nothing new.

Banned.

Both cases completely inexplicable and weird.

@bagder more often than not, weird interactions like those are people probing for injection in the CI to steal tokens.
A good indicator is if the comment has been edited.

daniel:// stenberg://

@vincentbiret how are comments or new issues able to probe anything like that? You probably think of PRs, but these weren't.

@bagder if you're using those "fields" in workflows to do things like automatically add labels, generate changelogs, etc...
The trick is to make sure you always use intermediate environment variables and NEVER directly use the value in scripts. Doing so, automatic escaping will be done for you.

@bagder right, I'm not saying it was what was happening in your case, simply saying this is another threat vector to be aware of with those "weird behaviours". Better safe than sorry, especially with such an impactful project as curl :)
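
The intermediate-environment-variable advice from the replies above, as an added example that is not part of the thread: a small Python check that flags `run:` scripts where an issue, PR or comment field is substituted in with `${{ }}`, and accepts the version that passes the same field through `env:`. Both workflows are constructed samples, the function name is hypothetical, and the list of untrusted fields is an assumed, non-exhaustive subset.

```python
import re

EXPR = re.compile(r"\$\{\{(.*?)\}\}")
# Assumed subset of fields whose content is chosen by whoever files the issue/PR/comment.
UNTRUSTED = re.compile(
    r"github\.(?:event\.(?:issue|pull_request|comment|review|discussion)"
    r"\.(?:title|body)|head_ref)\b")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")

# Constructed sample: the expression is pasted into the script text before the shell runs.
WEAK = """\
on: issue_comment
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - name: Echo comment
        run: |
          echo "New comment: ${{ github.event.comment.body }}"
"""

# Constructed sample: the value reaches the script only as an environment variable.
HARDENED = """\
on: issue_comment
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - name: Echo comment
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          echo "New comment: $COMMENT_BODY"
"""

def find_direct_interpolation(workflow_text):
    """Return (line_number, expression) for untrusted expressions inside run: scripts."""
    findings, run_indent = [], None  # run_indent: column of the active run: key
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        key = RUN_KEY.match(line)
        indent = len(line) - len(line.lstrip())
        if key:  # start of a script, possibly a one-liner
            run_indent = len(key.group(1)) + len(key.group(2) or "")
            script = key.group(3)
        elif run_indent is not None and (not line.strip() or indent > run_indent):
            script = line  # continuation of a block scalar
        else:
            run_indent = None  # back to ordinary YAML keys such as env:
            continue
        findings += [(number, m.group(0)) for m in EXPR.finditer(script)
                     if UNTRUSTED.search(m.group(1))]
    return findings
```

This is a line-based heuristic rather than a YAML parser, so it covers `run:` steps only and not expressions passed to other actions' inputs.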