From 9768deccd51a1417c3681e487287f57c456a766b Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Thu, 25 Sep 2025 11:15:17 +0200
Subject: [PATCH] chore(workflow): update pull request trigger to
 pull_request_target and refine permissions for enhanced security

---
 .github/workflows/chore-pr-comments.yml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/chore-pr-comments.yml b/.github/workflows/chore-pr-comments.yml
index f20729346..8836c6632 100644
--- a/.github/workflows/chore-pr-comments.yml
+++ b/.github/workflows/chore-pr-comments.yml
@@ -1,6 +1,6 @@
 name: Add comment based on label
 on:
-  pull_request:
+  pull_request_target:
     types:
       - labeled
 jobs:
@@ -8,6 +8,15 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
+      contents: read
+      actions: none
+      checks: none
+      deployments: none
+      issues: none
+      packages: none
+      repository-projects: none
+      security-events: none
+      statuses: none
     strategy:
       matrix:
         include: