@jlleitschuh any secret that exists inside the Codespace should be considered compromised. The way we prevent lateral movement or privilege escalation today is by injecting a token that is only scoped to the repository. So if a malicious actor convinced you to open a Codespace on their repo, they could steal a token that gave them read/write permissions to that repo, but not any of your other repos.
We do not currently allow users to automatically inject other secrets into a Codespace, but if you manually added other secrets, those would be at risk.
We are working on building a concept of trusted vs untrusted repos which will impact what secrets are injected into the Codespace. If you designate a repo as trusted, it will get access to the repository-scoped GitHub access token as well as any other secrets you’ve specified. But for untrusted repos, it would only get the repository-scoped token.