Automatically assinging privileges to repos

Hi folks. The infra team was working in one of its private repos today when we discovered that the repo access had been extended to a number of GitHub collaborative teams. We believe it was probably done by an automated script by a particular user.

Our exposure was fairly limited, and we have revoked & replaced some internal private deployment keys with new ones.

Can everyone double & triple check to make sure that they are not running any GitHub management scripts against private repos? Thanks in advance!