Steal any user in your orgs private GitHub token by pointing the GH integration at an attacker controlled GHE instance