policy name: runner_group_not_limited_to_selected_repositories
severity: MEDIUM
A runner group whose repository access is set to all repositories lets any user in the organization who can create a repository, or commit a workflow file to an existing one, run jobs on the group's runners. If the self-hosted runners behind that group are not adequately hardened, a malicious insider can create a repository with a workflow that exploits weaknesses on the runner host to move laterally inside your network.
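The check below is an added example, not the policy engine's own code. It evaluates a runner-group listing in the shape returned by GitHub's REST endpoint GET /orgs/{org}/actions/runner-groups (the org name, group names and ids in the sample are made up), flags every group whose visibility is not "selected", and builds the two follow-up calls (PATCH the group, then PUT its repository list) that restrict it. It also reports allows_public_repositories, which this policy does not cover but which a practitioner will want to see next to the visibility value, because a "selected" group that admits public repositories still exposes its runners to workflows from those repositories.

```python
import json

# Constructed sample of a GET /orgs/{org}/actions/runner-groups response.
# Field names follow the GitHub REST API; the org, names and ids are made up.
SAMPLE_RESPONSE = json.dumps({
    "total_count": 3,
    "runner_groups": [
        {"id": 1, "name": "Default", "visibility": "all", "default": True,
         "allows_public_repositories": False},
        {"id": 2, "name": "prod-deployers", "visibility": "all", "default": False,
         "allows_public_repositories": True},
        {"id": 3, "name": "build-farm", "visibility": "selected", "default": False,
         "allows_public_repositories": False,
         "selected_repositories_url":
             "https://api.github.com/orgs/example-org/actions/runner-groups/3/repositories"},
    ],
})


def find_unrestricted_groups(response_json: str) -> list:
    """Return the runner groups that violate the policy.

    A group with visibility "all" can be targeted by a workflow in any
    repository of the organization; only "selected" limits it to an explicit
    repository list. allows_public_repositories is carried along as context.
    """
    data = json.loads(response_json)
    findings = []
    for group in data.get("runner_groups", []):
        if group.get("visibility") != "selected":
            findings.append({
                "id": group["id"],
                "name": group["name"],
                "visibility": group.get("visibility"),
                "allows_public_repositories": group.get("allows_public_repositories", False),
            })
    return findings


def remediation_calls(group_id: int, selected_repository_ids: list) -> list:
    """Describe the REST calls that restrict one group to chosen repositories.

    Step 1 switches visibility to "selected" (and closes the public-repository
    door at the same time); step 2 sets the allow-list of repository ids.
    The org placeholder is left for the caller to fill in.
    """
    return [
        {"method": "PATCH",
         "path": f"/orgs/{{org}}/actions/runner-groups/{group_id}",
         "body": {"visibility": "selected", "allows_public_repositories": False}},
        {"method": "PUT",
         "path": f"/orgs/{{org}}/actions/runner-groups/{group_id}/repositories",
         "body": {"selected_repository_ids": list(selected_repository_ids)}},
    ]


if __name__ == "__main__":
    for finding in find_unrestricted_groups(SAMPLE_RESPONSE):
        print(f"[MEDIUM] runner group {finding['name']!r} (id {finding['id']}) "
              f"visibility={finding['visibility']} "
              f"public_repos={finding['allows_public_repositories']}")
        for call in remediation_calls(finding["id"], [101, 102]):
            print(f"    {call['method']} {call['path']} {json.dumps(call['body'])}")
```

Against a live organization the same listing can be fetched with `gh api /orgs/ORG/actions/runner-groups` using a token that has organization administration access, and the output piped into find_unrestricted_groups; the repository ids passed to remediation_calls must be the ids of the repositories that are genuinely meant to use those runners, decided per group rather than copied from the sample.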
Self-hosted runners are usually placed inside the organization's private network and are easy to misconfigure. If such a runner is insecurely configured, any user in the organization could: