Gitea action runner has a bunch of different ways to setup and doing the isolation properly looks tricky. The documentation doesn't provide any isolation tests to administrators, either.

The biggest mitigation is that gitea documentation discourages you from using action runners from untrusted users. Not flawless security, but it's something...