Yes, it is a GitHub Actions cache poisoning attack.
Almost all these recent compromises seem to involve either cache poisoning or prompt injection via untrusted variables.