chore: enable Changelog Preview workflow #5203
1 issue
Medium: `pull_request_target` with `secrets: inherit` calls an external reusable workflow (`.github/workflows/changelog-preview.yml:18-19`)
Enabling this workflow makes it run on every fork PR (including `edited`/`labeled` events) under `pull_request_target`, which carries the target repo's secrets. It calls `getsentry/craft/.github/workflows/changelog-preview.yml` with `secrets: inherit`, forwarding ALL repository/organization secrets to that external reusable workflow. If the called workflow checks out PR head code, evaluates attacker-controlled inputs (e.g. PR title/body) inside `run:` blocks, or uses any local action that a fork could override, an external attacker opening a fork PR could exfiltrate the inherited secrets. The action is pinned to a full SHA (good), and permissions are constrained to `contents: read` / `pull-requests: write` / `statuses: write`, which limits but does not eliminate blast radius (PR write enables comment-based exfil/poisoning). Verification of `getsentry/craft@bae212c` is required — it is in another repo and out of scope for this review per the skill.
4 skills analyzed
| Skill | Findings | Duration | Cost |
|---|---|---|---|
| code-review | 0 | 5.0s | $0.07 |
| find-bugs | 0 | 4.2s | $0.07 |
| gha-security-review | 1 | 31.8s | $0.31 |
| security-review | 0 | 4.6s | $0.14 |
Duration: 45.7s · Tokens: 68.4k in / 1.7k out · Cost: $0.59