David Baker Effendi
David is the Director of Research & Development at Whirly Labs, specialising in static program analysis. He develops automated tools for vulnerability detection and code exploration, used by both internal teams and external clients, including pentesters and SAST vendors. David has presented his research at leading international conferences like ICSE and ESORICS, and delivered his first BSides CPT talk in 2023.
Session
In this talk, we present a tool designed to perform large-scale scanning of GitHub repositories to identify potential expression injection vulnerabilities within their workflow files. Our system efficiently scrapes repositories, concurrently pulling and analysing workflow configurations for insecure patterns. Through this mining process, we have discovered that expression injection vulnerabilities are surprisingly prevalent, even among popular projects, and often go unnoticed. We have reached out to affected vendors for remediation and hypothesise that this prevalence is attributable to a lack of detection mechanisms and key documentation on GitHub’s end. Additionally, we found that even when vulnerabilities are patched, they can be easily reintroduced by interpolating sanitised values. Our findings underscore the need for better tooling and awareness around securing GitHub workflows. Finally, we release our tool as open source for both blue and red team security researchers to benefit from.
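The insecure pattern the abstract refers to is a `${{ ... }}` expression that pulls attacker-controlled text (an issue or pull request title, a branch name, a commit message) straight into a `run:` shell script, where GitHub substitutes it before the shell parses the line. The example below is an added illustration of the detection idea, not the tool presented in the talk: a small checker over a parsed workflow that flags `run:` steps interpolating an untrusted context, and also tracks the "reintroduction" case from the abstract, where an untrusted value is first parked in an `env` variable and then interpolated back into a script with `${{ env.NAME }}`. The list of untrusted contexts is an assumed, illustrative starting point rather than an exhaustive one, and the constructed sample workflow is a Python dict shaped like what `yaml.safe_load` returns so the core logic runs without third-party packages; the `scan_workflow_text` wrapper assumes PyYAML is installed.

```python
import re

# Assumed starting list of expression contexts that an outside contributor can
# control (titles, bodies, branch names, commit messages, comments).
UNTRUSTED_CONTEXTS = (
    r"github\.event\.issue\.title",
    r"github\.event\.issue\.body",
    r"github\.event\.pull_request\.title",
    r"github\.event\.pull_request\.body",
    r"github\.event\.pull_request\.head\.ref",
    r"github\.event\.pull_request\.head\.label",
    r"github\.event\.comment\.body",
    r"github\.event\.review\.body",
    r"github\.event\.review_comment\.body",
    r"github\.event\.head_commit\.message",
    r"github\.event\.commits\[[^\]]*\]\.message",
    r"github\.event\.discussion\.title",
    r"github\.event\.discussion\.body",
    r"github\.event\.workflow_run\.head_branch",
    r"github\.head_ref",
)
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}", re.S)
UNTRUSTED_RE = re.compile("|".join(UNTRUSTED_CONTEXTS))
ENV_REF_RE = re.compile(r"env\.([A-Za-z_][A-Za-z0-9_]*)")


def _tainted_exprs(value, tainted_env):
    """Expressions in `value` that read an untrusted context, either directly
    or through an env var that was itself assigned an untrusted expression."""
    hits = []
    for expr in EXPR_RE.findall(str(value)):
        if UNTRUSTED_RE.search(expr):
            hits.append(expr)
            continue
        m = ENV_REF_RE.fullmatch(expr)
        if m and m.group(1) in tainted_env:
            hits.append(expr)
    return hits


def _taint_env(env, inherited):
    """Propagate taint through an `env:` mapping. A var assigned an untrusted
    expression becomes tainted; one re-assigned a clean value is untainted again,
    because a narrower scope (job, step) shadows the outer definition."""
    tainted = set(inherited)
    for name, value in (env or {}).items():
        if _tainted_exprs(value, tainted):
            tainted.add(name)
        else:
            tainted.discard(name)
    return tainted


def find_expression_injections(workflow):
    """Report every `run:` script in a parsed workflow that interpolates an
    attacker-controlled expression. Passing the value through `env:` and
    reading `$NAME` in the shell is the safe pattern and is not reported."""
    findings = []
    wf_env = _taint_env(workflow.get("env"), set())
    for job_id, job in (workflow.get("jobs") or {}).items():
        job_env = _taint_env(job.get("env"), wf_env)
        for idx, step in enumerate(job.get("steps") or []):
            step_env = _taint_env(step.get("env"), job_env)
            script = step.get("run")
            if script is None:
                continue
            for expr in _tainted_exprs(script, step_env):
                findings.append({"job": job_id, "step": idx,
                                 "name": step.get("name"), "expression": expr})
    return findings


def scan_workflow_text(yaml_text):
    """Wrapper for raw workflow files; assumes PyYAML (pip install pyyaml)."""
    import yaml  # imported lazily so the dict-based API needs no extra package
    return find_expression_injections(yaml.safe_load(yaml_text) or {})


# Constructed sample workflow mirroring the YAML structure of a real file.
SAMPLE_WORKFLOW = {
    "name": "triage",
    "on": {"issues": {"types": ["opened"]}},
    "jobs": {
        "triage": {
            "runs-on": "ubuntu-latest",
            "env": {"RAW_TITLE": "${{ github.event.issue.title }}"},
            "steps": [
                # Direct interpolation: the title is pasted into the script.
                {"name": "direct",
                 "run": 'echo "Issue: ${{ github.event.issue.title }}"'},
                # Safe: the shell reads the value from its environment.
                {"name": "via-env",
                 "env": {"TITLE": "${{ github.event.issue.title }}"},
                 "run": 'echo "Issue: $TITLE"'},
                # Reintroduced: the env var is interpolated back into the script.
                {"name": "reintroduced",
                 "run": 'echo "${{ env.RAW_TITLE }}" | tr -cd "[:alnum:]"'},
                # Trusted context: no finding.
                {"name": "trusted", "run": "echo ${{ github.repository }}"},
            ],
        }
    },
}

if __name__ == "__main__":
    for f in find_expression_injections(SAMPLE_WORKFLOW):
        print(f"{f['job']}/step {f['step']} ({f['name']}): ${{{{ {f['expression']} }}}}")
```

Running the block reports the `direct` and `reintroduced` steps and stays silent on `via-env`, which is the fix the checker is meant to steer maintainers towards: keep the untrusted value out of the interpolated script entirely rather than trying to sanitise it and then interpolating the result. A scanner working at the scale the talk describes would apply the same check across every workflow file under `.github/workflows/` in each repository it pulls.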