diff --git a/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md b/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md index 8d8a23b57..f72aa1f76 100644 --- a/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md +++ b/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md @@ -535,13 +535,6 @@ Practical implications during an assessment: - Treat `ACTIONS_ID_TOKEN_REQUEST_URL`, `ACTIONS_ID_TOKEN_REQUEST_TOKEN`, runner memory, and CLI token caches as **equivalent credential sources** once code execution is obtained in the release context. - Do not assume `npm audit signatures` / provenance verification will detect a package built by a **compromised but legitimate** workflow. -**Mitigations** - -- Keep untrusted workflows and release workflows on **separate cache namespaces** and never restore executable tooling from a cache written by PR-triggerable jobs. -- Minimize `id-token: write` to the exact publish step/job and avoid exposing OIDC-capable helpers earlier in the workflow. -- Rebuild/rehash restored binaries or download them from a verified source before execution; do not execute toolchains directly from cache paths. -- Treat provenance as an **origin signal**, not a standalone safety signal; combine it with workflow hardening, dependency diffing, and runtime validation. - ### Artifact Poisoning Workflows could use **artifacts from other workflows and even repos**, if an attacker manages to **compromise** the Github Action that **uploads an artifact** that is later used by another workflow he could **compromise the other workflows**:
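Review bot: The seven removed lines starting at `**Mitigations**` are the only defensive guidance in the lines shown, and the hunk adds nothing in their place, so the text now runs from the "Practical implications during an assessment" bullets straight into `### Artifact Poisoning`. If the list is being moved to another page, leave a pointer to its new location here. If it is being dropped as a duplicate, say so in the commit message. Otherwise I would keep at least the bullets on separate cache namespaces and on limiting `id-token: write` to the exact publish step/job, since the retained bullets still tell the reader that OIDC request variables and token caches are equivalent credential sources and that `npm audit signatures` will not flag a package built by a compromised but legitimate workflow, and the removed list is what told them what to do about it.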