Normally this tool helps developers detect file changes in a repository, but a GitHub advisory says the change executes a malicious Python script that allows remote attackers to discover secrets ...