The title pretty much says it all: What is the scope of galaxy-ng tokens?

I am publishing a collection to an organization namespace through GitHub Actions.
For that I generated a token under Collections -> API token and put it in the GitHub secrets. Now, is this token a personal one? I figure “yes”, but that would mean everyone with access to the GitHub Actions and their configuration can publish to my personal namespace as well as to the organization's name, correct?

If my assumptions are correct, and I am putting my good name on the line, is there a better way to do this? Is there something on the roadmap, alternatively?

Thanks and have a great day everyone!