At the moment GitHub only has two options for which PRs will be automatically run on a repository's actions without a manual approval: everyone but first time contributors, or only contributors.
This means if someone has a trivial PR accepted, they can run malicious PRs. This is non-ideal on git-hosted runners, and a serious concern on self-hosted runners.
Requiring manual approval of runs from everyone but committers will be too onerous, but the bot could apply rules to pre-handle all but ambiguous cases.
The "Public Repository Warning" section of https://www.ideasawakened.com/post/radauthenticator-part-4-build-automation-with-delphi-and-github-by-installing-a-self-hosted-runner has a good discussion of the issue.
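One way such rule-based pre-handling could look, as an added example that is not the author's bot or any existing GitHub logic: the bot reads the pull-request event, auto-approves only the clearly safe cases, and leaves everything ambiguous for a maintainer. The `PullRequest` fields, the sensitive path lists and the `MIN_MERGED_PRS` threshold are assumptions chosen for illustration; a fork PR that touches workflow or build definitions, or that would run on a self-hosted runner, is never auto-approved regardless of the author's history.

```python
"""Rule-based pre-handling of workflow runs for fork pull requests.

Added example, not the author's bot or GitHub's own logic. Assumes the bot
receives the pull_request event and can approve a pending run via the API;
the PullRequest fields, path lists and MIN_MERGED_PRS are assumptions.
"""
from dataclasses import dataclass
from typing import List, Tuple

APPROVE = "approve"   # bot approves the pending run
MANUAL = "manual"     # bot leaves the run for a maintainer to approve

# Association values as GitHub reports them on the pull_request event.
TRUSTED_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}

# Files that change what the workflow executes; a fork PR touching these is
# always treated as ambiguous, whatever the author's history (assumed list).
SENSITIVE_PREFIXES = (".github/workflows/", ".github/actions/")
SENSITIVE_FILES = {"Makefile", "setup.py", "package.json", "build.gradle"}

# Assumed threshold: one trivial merged PR should not unlock auto-runs.
MIN_MERGED_PRS = 5


@dataclass
class PullRequest:
    author_association: str
    merged_pr_count: int        # prior merged PRs by this author in this repo
    changed_files: List[str]
    from_fork: bool
    uses_self_hosted: bool      # any job in the run targets a self-hosted runner


def sensitive_paths(files: List[str]) -> List[str]:
    """Return the changed paths that alter workflow or build definitions."""
    return [f for f in files
            if f.startswith(SENSITIVE_PREFIXES) or f in SENSITIVE_FILES]


def triage(pr: PullRequest) -> Tuple[str, str]:
    """Decide whether a PR's workflow run may be auto-approved.

    Returns (decision, reason); MANUAL means "ambiguous, ask a maintainer".
    """
    # Committers and same-repo branches already have write access: run as today.
    if pr.author_association in TRUSTED_ASSOCIATIONS or not pr.from_fork:
        return APPROVE, "author has write access to the repository"

    changed = sensitive_paths(pr.changed_files)
    if changed:
        return MANUAL, "fork PR modifies workflow/build files: " + ", ".join(changed)

    if pr.uses_self_hosted:
        # Fork runs on self-hosted runners are never auto-approved.
        return MANUAL, "run targets a self-hosted runner"

    if pr.merged_pr_count >= MIN_MERGED_PRS:
        return APPROVE, (f"established contributor ({pr.merged_pr_count} merged PRs), "
                         "hosted runner only")

    return MANUAL, (f"only {pr.merged_pr_count} merged PRs, "
                    f"below threshold {MIN_MERGED_PRS}")


if __name__ == "__main__":
    # Constructed sample: contributor with one trivial merged PR proposing a
    # workflow change that would run on a self-hosted runner.
    sample = PullRequest("CONTRIBUTOR", 1, [".github/workflows/build.yml"], True, True)
    print(triage(sample))
```

The ordering of the checks is the point: trust derived from write access is decided first, then the content of the change, then the runner type, and only then the contributor's history, so a single accepted trivial PR never by itself unlocks an unattended run.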