I agree, but GitHub must fix the security nightmare that is waiting to happen with GitHub actions marketplace. Seems like this would be such an easy fix, too.
>>hn_thr+(OP)
Organizations can enforce that their repos use only actions that are within the repo, making the build more secure, controlled and auditable.