I am in the same situation. I used the Jekyll SEO plugin, at least I left some JavaScript files, and someone registered my site with the ftp subdomain. I think they either found a way to fake the existence of any uploaded file, and then they can verify the ownership of the domain, or a lot of GoDaddy passwords were leaked. I also had ftp. registered in GoDaddy and I cannot recall if I did it at all. Of course, at GoDaddy the domain audit is an extra fee, which I didn't ask for in the past, so I cannot see if that was me or someone else.
Currently I use this Gemfile. I know they are a bit outdated.
gem "github-pages", "= 228"
gem "jekyll-include-cache", "= 0.2.1"
gem "jekyll-octicons", "~> 14.2"
Also, I noticed that my GitHub Pages are not verified, which is weird since I do remember that I set the TXT record. Maybe when GitHub renamed master to main around 2023, those records were removed.
See https://medium.com/@jehy/hijacking-domain-using-github-pages-41c80ac57523
Edited. Later I deleted the ftp CNAME, then I registered http://ftp. in the Search Console and removed the intruder.
Another on this topic: https://news.ycombinator.com/item?id=19566075