Recent vulnerabilities in Jekyll and Jekyll dependencies

The “include symlink” was a major concern for GitHub, as one could access, for instance, /etc/passwd on your server through that vulnerability. We had to report the issue to let all companies (CloudCannon, SiteLeaf, Netlify, et al.) and people hosting Jekyll websites know about this security issue.

You could host your repo on GitHub and host your Jekyll site elsewhere, so GitHub has to warn you. If you run Jekyll on GitHub Pages, you are fine, as they patched and bumped gems to the latest versions. GitHub Pages ignores your Gemfile during build anyway.

If you run Jekyll on your server you should be concerned though.
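For a self-hosted build, one way to audit a site source before building it is to list every symlink that resolves outside the site root. This is an added example, not part of the original post and not Jekyll's own code or its fix; the function name `escaping_symlinks` and the demo file names are hypothetical.

```ruby
require "find"
require "tmpdir"
require "fileutils"

# Return the symlinks under site_root whose target resolves outside site_root,
# or cannot be resolved at all. Each entry is [link_path, resolved_target_or_nil].
def escaping_symlinks(site_root)
  root = File.realpath(site_root)
  findings = []
  # Find.find uses lstat, so it reports symlinks without descending into them.
  Find.find(root) do |path|
    next unless File.symlink?(path)
    begin
      target = File.realpath(path)
    rescue Errno::ENOENT, Errno::ELOOP
      findings << [path, nil] # dangling or looping link: flag for review
      next
    end
    inside = target == root || target.start_with?(root + File::SEPARATOR)
    findings << [path, target] unless inside
  end
  findings.sort_by(&:first)
end

# Constructed sample site: one harmless link, one escaping link, one dangling link.
def demo
  Dir.mktmpdir("outside") do |outside|
    Dir.mktmpdir("site") do |site|
      secret = File.join(outside, "secret.txt")
      File.write(secret, "not part of the site")
      inc = File.join(site, "_includes")
      FileUtils.mkdir_p(inc)
      footer = File.join(inc, "footer.html")
      File.write(footer, "<footer></footer>")
      File.symlink(footer, File.join(inc, "alias.html"))                    # stays inside
      File.symlink(secret, File.join(inc, "leak.html"))                     # escapes the root
      File.symlink(File.join(site, "missing"), File.join(inc, "gone.html")) # dangling
      escaping_symlinks(site).map { |link, t| [File.basename(link), t && File.basename(t)] }
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Run it against a checkout of untrusted site source before the build step and fail the build if the list is non-empty.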