Attacker is able to query Github repositories of arbitrary Shopify Hydrogen Users