Wow, I feel incredibly stupid about this.

So, it's asking me to find the employee accidentally sending a commit with their personal email address. I know you have to provide an email in `git`, but I didn't put too much thought into this.

I ended up opening the security-evaluation-workflow epository in GitHub desktop and immediately noticed a commit with keeber-tiffany's profile picture, but authored by flag{2c90416c24a91a9e1eb18168697e8ff5}... okay, we have our flag, but I couldn't find the email address anywhere. I thought perhaps I would format this as an email address later, given that it was mentioned later that this email is needed.

This is not the case, though. As you can see at a better writeup from github.com/drewd314/Nahamcon-CTF-2022-Keeber-OSINT-Writeups/blob/main/Keeber.md, there was also an email address associated with this commit, and I legitimately didn't know what tool to use...

That's a learning experience, I guess :)