This is actually a somewhat potentially nefarious move by Nvidia to protect its market share while being dressed up as good PR: Nvidia absolutely does not want a glut of cheap GPUs hitting the market and impacting its gaming market. By blocking mining and selling crippled mining-only rigs, they still capture that sweet, sweet crypto money while diverting resources to serve that market, reap the positive PR of "we're not selling our cards to miners, we're serving the gamer market!", and prevent those cards from glutting the gaming market later if/when crypto tanks.

You can already do that today; just write an Action to do that and use GitHub's runners to do whatever you want. There is no need to use another GitHub user's CI to execute arbitrary code: you can just write your own workflow to do it and run it for free.

The only GitHub servers executing GitHub Actions are fresh CI agents; users are allowed to execute arbitrary code on those anyhow. The actual danger is untrusted code executing in the context of a user's CI context which can allow user secrets to be exfiltrated and used, or if you can execute code on an organization's trusted runners that have secrets on the runner itself.

GitHub Actions is a CI tool that executes a yaml file that describes the things to be performed to do interesting work such as building your bits and publishign them to a package provider or managing issues on GitHub itself. The file contains directives to perform interesting tasks in a composable way: you can make a self-contained "action" that executes using inputs to perform these tasks and sets outputs for future actions. Actions uses an in-band control mechanism to do things like set environment variables that can be then consumed by future tasks in the workflow, simply writing to stdout.

Their proof of concept to get to arbitrary code execution is:

##[set-env name=NODE_OPTIONS;]--experimental-modules --experimental-loader=data:text/javascript,console.log(Buffer.from(JSON.stringify(process.env)).toString('hex'));//"

If your action writes that string to STDOUT, future actions can be poisoned and execute arbitrary code. So if you can sneak that string into say, an issue title and then get the issue title to be output by a naive action to STDOUT then the next action that executes using nodejs will execute the payload.

The consequence of this is that if you can get it to run in the context of a juicy repository you can compromise secrets that are stored in GitHub to do things such as upload bits to a package manager when CI is run.