From 737e24a347db9a7ac14a36b81372bf163c91143f Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Tue, 21 Oct 2025 14:49:32 -0400
Subject: [PATCH 1/2] ci: scope down permissions for closed-issue-message.yml

---
 .github/workflows/closed-issue-message.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
index 8cb2db494c..7a792941c8 100644
--- a/.github/workflows/closed-issue-message.yml
+++ b/.github/workflows/closed-issue-message.yml
@@ -2,6 +2,9 @@ name: Closed Issue Message
 on:
   issues:
     types: [closed]
+permissions:
+  issues: write
+
 jobs:
   auto_comment:
     runs-on: ubuntu-latest

From e956daa159333543df42a2b8e43631d7cfeec33d Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Tue, 21 Oct 2025 14:49:34 -0400
Subject: [PATCH 2/2] ci: scope down permissions for run-pr-e2e.yaml

---
 .github/workflows/run-pr-e2e.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/run-pr-e2e.yaml b/.github/workflows/run-pr-e2e.yaml
index eb6422c0f1..21af8910a3 100644
--- a/.github/workflows/run-pr-e2e.yaml
+++ b/.github/workflows/run-pr-e2e.yaml
@@ -4,6 +4,9 @@ on:
   pull_request:
     types: [labeled]
 
+permissions:
+  contents: read
+
 jobs:
   run-pr-e2e:
     runs-on: ubuntu-latest