The custom-image-* workflows trigger on any push with no branches: filter, check out the pushed ref, and run repo-local scripts (./scripts/clean-storage-linux.sh / clean-storage-win.ps1) on persistent self-hosted runners (unreal-image-creating-runner-*) whose disk is captured via snapshot: into a base image reused by future jobs. A contributor with write access can push a modified script to any feature branch to execute code on the runner before the snapshot boundary, persistently poisoning every downstream runner image. Add a branches: [main] filter so only trusted refs build the images.