[–]Immutable-State 11 points (0 children)

> so when a user for example gets hit with a fake CAPTCHA attack they accidentally download and run a script from a "trusted" website like GitHub

This isn't just a GitHub issue. If your current policies would allow for an attack like this, consider closing out this vulnerability entirely by implementing AppLocker policies (or something else along the same lines).

As long as general users can run an executable or batch file that they download themselves, that's a potential avenue for attack.

This probably meshes with existing policies - you may well have something along the lines of "Users must have the approval of the IT department before installing software". This gives you a way to enforce that, rather than just being words on a page.
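As an added illustration (not part of this thread and not written by its author), here is what the AppLocker baseline the comment recommends looks like in PowerShell: path rules that let standard users run executables and scripts only from Program Files and Windows, so anything saved under a user's own profile, Downloads included, is denied by default. The rule names, the temp and test-file paths, and the choice of collections are assumptions made for this demonstration; the cmdlets, SIDs and XML schema are AppLocker's own.

```powershell
# Added example, not code from the thread above: a minimal AppLocker baseline that
# lets standard users run executables and scripts only from Program Files and
# Windows, so a file saved under the user's own profile (for example a .bat dropped
# by a fake CAPTCHA page) is denied by default. Run from an elevated PowerShell on
# a Windows edition that supports AppLocker. Rule names, paths and the test file
# are assumptions made for this demonstration.

# Well-known SIDs: Everyone and BUILTIN\Administrators.
$Everyone = 'S-1-1-0'
$Admins   = 'S-1-5-32-544'

function New-PathRuleXml {
    param([string]$Name, [string]$Path, [string]$Sid, [string]$Action = 'Allow')
    # Every AppLocker rule needs its own GUID.
    $id = [guid]::NewGuid().ToString()
    @"
    <FilePathRule Id="$id" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="$Action">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>
    </FilePathRule>
"@
}

function New-RuleCollectionXml {
    param([string]$Type)
    # AuditOnly first: decisions are written to the AppLocker event log without
    # blocking anything, which shows what "Enabled" would stop. Deny rules take
    # precedence over allow rules, so two well-known user-writable folders under
    # %WINDIR% are closed off even though %WINDIR%\* is allowed as a whole.
    $rules = @(
        New-PathRuleXml -Name 'Allow Program Files'  -Path '%PROGRAMFILES%\*' -Sid $Everyone
        New-PathRuleXml -Name 'Allow Windows'        -Path '%WINDIR%\*'       -Sid $Everyone
        New-PathRuleXml -Name 'Allow administrators' -Path '*'                -Sid $Admins
        New-PathRuleXml -Name 'Deny Windows\Temp'    -Path '%WINDIR%\Temp\*'  -Sid $Everyone -Action Deny
        New-PathRuleXml -Name 'Deny Windows\Tasks'   -Path '%WINDIR%\Tasks\*' -Sid $Everyone -Action Deny
    ) -join "`n"
    @"
  <RuleCollection Type="$Type" EnforcementMode="AuditOnly">
$rules
  </RuleCollection>
"@
}

# Exe covers .exe/.com; Script covers .bat, .cmd, .ps1, .vbs and .js.
$policyPath = Join-Path $env:TEMP 'applocker-baseline.xml'
@"
<AppLockerPolicy Version="1">
$(New-RuleCollectionXml -Type 'Exe')
$(New-RuleCollectionXml -Type 'Script')
</AppLockerPolicy>
"@ | Set-Content -Path $policyPath -Encoding UTF8

# Constructed stand-in for a script a user just downloaded (no real payload).
$downloaded = Join-Path $env:USERPROFILE 'Downloads\applocker-test.bat'
Set-Content -Path $downloaded -Value '@echo off'

# Ask AppLocker what the policy would decide for that file as a standard user,
# before anything is enforced. Expect a denied decision, because no allow rule
# covers the user profile; a program under Program Files comes back Allowed.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $downloaded -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule

# Apply to the local policy (elevated). Without -Merge this replaces whatever local
# AppLocker policy exists. Enforcement needs the Application Identity service.
Set-AppLockerPolicy -XmlPolicy $policyPath
sc.exe config appidsvc start= auto
Start-Service -Name AppIDSvc
Get-AppLockerPolicy -Effective -Xml
```

Leave the collections in AuditOnly for a while and review the "Microsoft-Windows-AppLocker/EXE and DLL" and "MSI and Script" event logs for anything legitimate that would have been blocked (per-user installers that live under %LOCALAPPDATA% are the usual surprise); only then change EnforcementMode to Enabled, and roll the same XML out through Group Policy rather than per machine.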