Your organization uses GitHub Actions for CI/CD. You need to ensure that secrets stored in GitHub are not exposed in logs. A developer reports that a secret value appeared in the workflow run log. What is the most likely reason?
Manual echo or printing of secret values can bypass masking if not handled correctly.
Why this answer
Option D is correct because GitHub Actions automatically masks secrets in logs, but if a secret is explicitly printed or used in a way that bypasses masking (e.g., using echo with variable substitution), it may appear. Option A is wrong because the log level does not affect masking. Option B is wrong because secret names are not masked, only values.
Option C is wrong because the trigger does not affect logging.