Train developers on config-file risk. Configuration files are executable policy, not scaffolding. A single added line in a YAML pipeline can be as dangerous as a new binary dependency. Security ...