chore: enable Changelog Preview workflow #5203
gha-security-review: Found 1 issue (1 medium)
Medium
pull_request_target with secrets: inherit calls external reusable workflow - `.github/workflows/changelog-preview.yml:18-19`
Enabling this workflow makes it run on every fork PR (including 'edited'/'labeled' events) under `pull_request_target`, which carries the target repo's secrets. It calls `getsentry/craft/.github/workflows/changelog-preview.yml` with `secrets: inherit`, forwarding ALL repository/organization secrets to that external reusable workflow. If the called workflow checks out PR head code, evaluates attacker-controlled inputs (e.g. PR title/body) inside `run:` blocks, or uses any local action that a fork could override, an external attacker opening a fork PR could exfiltrate the inherited secrets. The action is pinned to a full SHA (good), and permissions are constrained to `contents: read`/`pull-requests: write`/`statuses: write`, which limits but does not eliminate blast radius (PR write enables comment-based exfil/poisoning). Verification of `getsentry/craft@bae212c` is required; it is in another repo and out of scope for this review per the skill.
Duration: 31.8s · Tokens: 30.4k in / 1.6k out · Cost: $0.31