diff --git a/src/pentesting-cloud/gcp-security/gcp-basic-information/gcp-federation-abuse.md b/src/pentesting-cloud/gcp-security/gcp-basic-information/gcp-federation-abuse.md
index 5eeabadff..0b0068fdc 100644
--- a/src/pentesting-cloud/gcp-security/gcp-basic-information/gcp-federation-abuse.md
+++ b/src/pentesting-cloud/gcp-security/gcp-basic-information/gcp-federation-abuse.md
@@ -86,13 +86,17 @@ poolId=$(gcloud iam workload-identity-pools describe $poolName \
  --location global \
  --format='get(name)')
 
-gcloud iam workload-identity-pools providers create-oidc $poolName \
- --project="${projectId}" \
+gcloud iam workload-identity-pools providers create-oidc "$poolName" \
+ --project="$projectId" \
  --location="global" \
  --workload-identity-pool="$poolName" \
- --display-name="Demo provider" \
- --attribute-mapping="google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.aud=assertion.aud" \
- --issuer-uri="https://token.actions.githubusercontent.com"
+ --display-name="CTF provider" \
+ --issuer-uri="https://token.actions.githubusercontent.com" \
+ --attribute-mapping="google.subject=assertion.sub,\
+attribute.actor=assertion.actor,\
+attribute.repository=assertion.repository,\
+attribute.aud=assertion.aud" \
+ --attribute-condition="assertion.repository_owner!=''"
 
 providerId=$(gcloud iam workload-identity-pools providers describe $poolName \
  --location global \
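Review bot: The added `--attribute-condition="assertion.repository_owner!=''"` does not narrow which repositories may exchange a token, because GitHub's OIDC tokens always carry a non-empty `repository_owner` claim; now that `attribute.repository` is also mapped, the condition is the natural place to pin the issuer to the lab's organisation, e.g. `--attribute-condition="assertion.repository_owner=='<ORG_NAME>'"`, or, if the permissive condition is deliberate for the CTF, a comment on that line saying so would stop a reader copying it into a real pool. The `providerId=$(gcloud ... describe $poolName` call on the context line below still uses the unquoted `$poolName` that the commit quoted in the `create-oidc` call. Both the `poolId=` command before the hunk and the `providerId=` command after it are cut at the hunk edges.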
@@ -136,9 +140,9 @@ jobs:
 uses: "google-github-actions/auth@v2.1.3"
 with:
 create_credentials_file: "true"
-workload_identity_provider: "${providerId}" # In the providerId, the numerical project ID (12 digit number) should be used
-service_account: "${saId}" # instead of the alphanumeric project ID. ex:
-activate_credentials_file: true # projects/123123123123/locations/global/workloadIdentityPools/iam-lab-7-gh-pool/providers/iam-lab-7-gh-pool-oidc-provider'
+workload_identity_provider: "${providerId}" # In the providerId, the numerical project ID (12 digit number) should be used instead of the alphanumeric project ID. ex: projects/123123123123/locations/global/workloadIdentityPools/iam-lab-7-gh-pool/providers/iam-lab-7-gh-pool-oidc-provider'
+service_account: "${saId}" # @.iam.gserviceaccount.com
+activate_credentials_file: true
 - id: "gcloud"
 name: "gcloud"
 run: |-
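Review bot: The comment added on `service_account`, `# @.iam.gserviceaccount.com`, does not tell the reader what value is expected; spell out the format instead, e.g. `service_account: "${saId}" # full service-account email: <SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com`. The merged `workload_identity_provider` comment still ends with a stray `'` after `...-oidc-provider`, and the two boolean inputs are written in different forms (`create_credentials_file: "true"` versus `activate_credentials_file: true`), so one of them should be changed to match the other. The enclosing `jobs:` step list starts and ends outside the hunk.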