diff --git a/.github/workflows/close-incorrect-issue.yml b/.github/workflows/close-incorrect-issue.yml index 8c50345cc..aa7113ed7 100644 --- a/.github/workflows/close-incorrect-issue.yml +++ b/.github/workflows/close-incorrect-issue.yml @@ -3,10 +3,13 @@ name: Close Incorrect Issue on: issues: types: [opened] +permissions: {} jobs: close-incorrect-issue: runs-on: ${{ matrix.os }} + permissions: + issues: write strategy: matrix: @@ -22,4 +25,7 @@ jobs: with: node-version: ${{ matrix.node-version }} - run: npm ci - - run: node extra/close-incorrect-issue.js ${{ secrets.GITHUB_TOKEN }} ${{ github.event.issue.number }} ${{ github.event.issue.user.login }} + - name: Close incorrect issue + run: node extra/close-incorrect-issue.js ${{ secrets.GITHUB_TOKEN }} ${{ github.event.issue.number }} "$ISSUE_USER_LOGIN" + env: + ISSUE_USER_LOGIN: ${{ github.event.issue.user.login }} diff --git a/.github/workflows/conflict_labeler.yml b/.github/workflows/conflict_labeler.yml index a2a4d9a42..65634d11e 100644 --- a/.github/workflows/conflict_labeler.yml +++ b/.github/workflows/conflict_labeler.yml @@ -1,6 +1,11 @@ name: Merge Conflict Labeler -on: +# pull_request_target is safe here because: +# 1. Only uses a pinned trusted action (by SHA) +# 2. Has minimal permissions (contents: read, pull-requests: write) +# 3. Doesn't checkout or execute any untrusted code from PRs +# 4. Only adds/removes labels based on merge conflict status +on: # zizmor: ignore[dangerous-triggers] push: branches: - master diff --git a/.github/workflows/prevent-file-change.yml b/.github/workflows/prevent-file-change.yml index fcb47a659..95f099759 100644 --- a/.github/workflows/prevent-file-change.yml +++ b/.github/workflows/prevent-file-change.yml 
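Review bot: In the second close-incorrect-issue.yml hunk, `${{ github.event.issue.number }}` is still expanded straight into the `run:` line, while the user login was moved into `env`. The number arrives from GitHub as an integer, so it is not an expression-injection path today, but routing every event field through `env` keeps the step uniformly template-free and makes any later swap of that argument for a free-text field safe by default: `run: node extra/close-incorrect-issue.js ${{ secrets.GITHUB_TOKEN }} "$ISSUE_NUMBER" "$ISSUE_USER_LOGIN"` with `ISSUE_NUMBER: ${{ github.event.issue.number }}` added under `env:`. The token is likewise handed over on argv, where extra/close-incorrect-issue.js presumably reads it; if that script can be touched, reading it from `process.env.GITHUB_TOKEN` (with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` under `env:`) would keep the secret out of the process argument list entirely.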
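Review bot: The new comment block in conflict_labeler.yml justifies `# zizmor: ignore[dangerous-triggers]` with claims (a SHA-pinned action, a minimal `permissions` block, no checkout of PR code) that all live outside this hunk and are not tied to the suppression, so the ignore will silently outlive them if a later change adds an `actions/checkout` step, widens permissions, or switches to a floating action tag; the same applies to the prevent-file-change.yml hunk. I'd add one line to each comment making that dependency explicit, e.g. `# Revisit this ignore if a checkout step, an unpinned action, or wider permissions are ever added.`, and leave zizmor's other audits such as `unpinned-uses` un-suppressed so point 1 stays machine-checked rather than comment-checked. As a style nit, yamllint's default `comments` rule wants two spaces before an inline `#`, so `on:  # zizmor: ignore[dangerous-triggers]`.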
@@ -1,6 +1,11 @@ name: prevent-file-change -on: +# pull_request_target is safe here because: +# 1. Only uses a pinned trusted action (by SHA) +# 2. Has minimal permissions (pull-requests: read) +# 3. Doesn't checkout or execute any untrusted code from PRs +# 4. Only validates that language files (except en.json) aren't modified +on: # zizmor: ignore[dangerous-triggers] pull_request_target: permissions: {}