> Surprisingly enough, GitHub Actions with read-only permissions still receive a cache write token, allowing cache poisoning, so they are not safe to run untrusted code.

What are solutions to this and their tradeoffs?

1. Disallow cache write access to read-only actions

2. Stack caches such that read-only action cache writes don't affect the cache for read-write actions

Edit: What else would solve this?