Actions secrets UI should show explicit error when custom secret name uses reserved `GITHUB_` prefix

[mikekistler]

What happened

When adding a repository secret in GitHub Actions with a name that starts with GITHUB_ (for example GITHUB_PAT), the UI appears to accept submission but the secret does not appear afterward.

Why this is a problem

This is confusing and looks like a save failure. Users can spend time debugging workflow auth issues before realizing the secret name itself is restricted.

Reproduction steps

1. Go to Repository Settings → Secrets and variables → Actions.
2. Click New repository secret.
3. Enter secret name GITHUB_PAT and any value.
4. Click Add secret.
5. Observe the secret does not appear in the list.

Expected behavior

Show an explicit validation error before save, for example:

Secret names cannot start with reserved prefix GITHUB_.

Actual behavior

No clear inline or post-submit error indicating the reserved-prefix restriction.

Suggested fix

• Add client-side and server-side validation for reserved secret prefixes.
• Display a clear error message with allowed naming guidance.
• Optionally link to docs on reserved secret/environment variable names.

Context

This surfaced while setting up a workflow where we intentionally map a custom PAT secret into GITHUB_TOKEN at runtime, and GITHUB_PAT seemed like the natural secret name.

[welcome]

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[GIV4-Lia8]

Clasificación de secretos tal vez sería buena opción
Igual poder el público y las veces que se puede acceder al secreto