From 48be222eb75dbfe6c787b1876f9e172c87f95ee1 Mon Sep 17 00:00:00 2001
From: Frank Elsinga <frank@elsinga.de>
Date: Wed, 14 Jan 2026 14:16:16 +0100
Subject: [PATCH] Update
 .github/workflows/mark-as-draft-on-requesting-changes.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/mark-as-draft-on-requesting-changes.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/mark-as-draft-on-requesting-changes.yml b/.github/workflows/mark-as-draft-on-requesting-changes.yml
index 92efb2899..99e8384e4 100644
--- a/.github/workflows/mark-as-draft-on-requesting-changes.yml
+++ b/.github/workflows/mark-as-draft-on-requesting-changes.yml
@@ -1,7 +1,7 @@
 name: Mark PR as draft when changes are requested
 
 # pull_request_target is safe here because:
-# 1. Only uses a pinned trusted action (by SHA)
+# 1. Does not use any external actions; only uses the GitHub CLI via run commands
 # 2. Has minimal permissions
 # 3. Doesn't checkout or execute any untrusted code from PRs
 # 4. Only adds/removes labels or changes the draft status