Workflow runs triggered by {% data variables.product.prodname_dependabot %} pull requests run as if they are from a forked repository, and therefore use a read-only GITHUB_TOKEN. These workflow runs cannot access any secrets. For information about strategies to keep these workflows secure, see "AUTOTITLE."