Update data/reusables/actions/workflow-run-permissions-warning.md

Sharra-writes · web-flow · commit ba5b0c4af171 · 2025-09-12T11:18:50.000-07:00
diff --git a/data/reusables/actions/workflow-run-permissions-warning.md b/data/reusables/actions/workflow-run-permissions-warning.md
@@ -1,2 +1,2 @@
 > [!WARNING]
-> Workflows triggered by the `workflow_run` event are privileged (i.e. they share the same cache of the main branch with other privileged workflow triggers, may have repository write access and access to referenced secrets). You should make sure that you do not check out, build, or run untrusted code from the pull request or other untrusted sources with this event. The workflow shares the same cache as the other privileged workflows running in the context of the main branch. Running untrusted code on this trigger may lead to cache poisoning. For more information, see [Understanding the risks of untrusted code checkout](/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risks-of-untrusted-code-checkout) in the Security Hardening for {% data variables.product.prodname_actions %} documentation and [Keeping your {% data variables.product.prodname_actions %} and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests) on the GitHub Security Lab website.
+> Workflows triggered by the `workflow_run` event are privileged (i.e. they share the same cache of the main branch with other privileged workflow triggers, may have repository write access and access to referenced secrets). You should make sure that you do not check out, build, or run untrusted code from the pull request or other untrusted sources with this event. The workflow shares the same cache as the other privileged workflows running in the context of the main branch. Running untrusted code on this trigger may lead to cache poisoning. For more information, see [Understanding the risks of untrusted code checkout](/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risks-of-untrusted-code-checkout) in the Security Hardening for {% data variables.product.prodname_actions %} documentation and [Keeping your {% data variables.product.prodname_actions %} and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests) on the {% data variables.product.prodname_security %} website.

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`> [!WARNING]`
`2`		-> Workflows triggered by the `workflow_run` event are privileged (i.e. they share the same cache of the main branch with other privileged workflow triggers, may have repository write access and access to referenced secrets). You should make sure that you do not check out, build, or run untrusted code from the pull request or other untrusted sources with this event. The workflow shares the same cache as the other privileged workflows running in the context of the main branch. Running untrusted code on this trigger may lead to cache poisoning. For more information, see [Understanding the risks of untrusted code checkout](/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risks-of-untrusted-code-checkout) in the Security Hardening for {% data variables.product.prodname_actions %} documentation and [Keeping your {% data variables.product.prodname_actions %} and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests) on the GitHub Security Lab website.
	`2`	+> Workflows triggered by the `workflow_run` event are privileged (i.e. they share the same cache of the main branch with other privileged workflow triggers, may have repository write access and access to referenced secrets). You should make sure that you do not check out, build, or run untrusted code from the pull request or other untrusted sources with this event. The workflow shares the same cache as the other privileged workflows running in the context of the main branch. Running untrusted code on this trigger may lead to cache poisoning. For more information, see [Understanding the risks of untrusted code checkout](/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risks-of-untrusted-code-checkout) in the Security Hardening for {% data variables.product.prodname_actions %} documentation and [Keeping your {% data variables.product.prodname_actions %} and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests) on the {% data variables.product.prodname_security %} website.