This project is built on markdown and it is not impossible that a malicious actor could somehow embed malware in the markdown or subvert the a process. If you find anything suspicious in either the markdown or pipeline scripts then let us know ASAP and we will fix it as a priority.
Open a security advisory and this will be provided only to the project's admins and in strict confidence.