Versions Compared

Comment: move security content to separate page

...

Security

There are a number of potential security problems you have to be aware of. Third-party Actions and third-party dependencies are huge security risks if not used appropriately: if you use Actions the way the examples suggest, you are open to easy exploitation by the Action authors. If you do not add Actions securely, you are exposed to any kind of uncontrolled "write" modification of your repository (!) by third-party Action owners AND (as we have learned recently) by the third-party dependencies you install in your build pipeline. One of these problems caused INFRA to disable the "direct" use of third-party Actions at the organisation level (see the discussion), but there are many more risks that you have to be aware of.
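As an added example (not part of this wiki page or of any project's tooling), a small check that lists `uses:` references to third-party actions pinned by a mutable tag or branch rather than a full commit SHA, which is the case where the action owner can change what runs in your pipeline. The workflow text and the default trusted-owner list are constructed assumptions.

```python
import re

# Constructed sample workflow (not taken from the page): a first-party action by tag,
# a third-party action by mutable tag, one pinned to a full SHA, and a local action.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: some-vendor/setup-tool@v1
      - uses: other-vendor/lint-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - run: make test
"""

# `uses:` value, with or without a leading list dash; quotes are stripped later.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A full 40-hex commit SHA is the only ref the action owner cannot move.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text, trusted_owners=("actions",)):
    """Return (line number, reference) for every third-party action whose ref
    is a tag or branch, i.e. something its owner can repoint at new code.
    `trusted_owners` (assumed default: GitHub's own `actions` org) are skipped,
    as are local `./` actions and `docker://` images, which this check ignores.
    """
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("\"'")
        if ref.startswith(("./", "docker://")):
            continue
        repo, _, version = ref.partition("@")
        if repo.split("/")[0] in trusted_owners:
            continue
        if not SHA_RE.match(version):
            findings.append((lineno, ref))
    return findings


if __name__ == "__main__":
    for lineno, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is not pinned to a commit SHA")
```

Passing an empty `trusted_owners` tuple also flags GitHub's own actions, which is the stricter policy some projects prefer.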

Two critical security vulnerability reports about GitHub Actions were opened by Jarek Potiuk on 30 December 2020; both have been triaged and are awaiting action on the GitHub side. GitHub Security Lab, which in December encouraged users to post their experiences, is engaged as well. All of those issues can be mitigated (Apache Airflow has implemented all the mitigations), but the mitigations are not what most projects do.

Mitigations

If you decide to use GitHub Actions, these are the recommendations (there are varying opinions on the use of sub-modules, though):

...

See GitHub Actions Security for more information.