CI still checks out the PR branch and runs the scripts within, doesn't it?
Ahh, yes, in fact thats what Github were warning about, by default the action can do anything, so what CI can do should be restricted (by the Geany security expert team ;-) and then we are back to the original position where normal people can't modify CI, sigh, I hate security issues.