diff --git a/.github/workflows/comment-pr.yml b/.github/workflows/comment-pr.yml
index f6856c9d0e..ec61dcb0be 100644
--- a/.github/workflows/comment-pr.yml
+++ b/.github/workflows/comment-pr.yml
@@ -9,6 +9,8 @@ on:
     workflows: ["receive-pr"]
     types:
       - completed
+permissions:
+  actions: read
 
 jobs:
   post-suggestions:
diff --git a/.github/workflows/pitest-update-pr.yml b/.github/workflows/pitest-update-pr.yml
index a6383e6ce0..1a09261f44 100644
--- a/.github/workflows/pitest-update-pr.yml
+++ b/.github/workflows/pitest-update-pr.yml
@@ -37,7 +37,7 @@ jobs:
           java-distribution: temurin
           maven-version: 3.9.9
       - name: Download Pitest analysis artifact
-        uses: dawidd6/action-download-artifact@`09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
+        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
         with:
           workflow: ${{ github.event.workflow_run.workflow_id }}
           name: pitest-reports
diff --git a/.github/workflows/receive-pr.yml b/.github/workflows/receive-pr.yml
index 43eb63f500..1ff348b676 100644
--- a/.github/workflows/receive-pr.yml
+++ b/.github/workflows/receive-pr.yml
@@ -9,7 +9,8 @@ on:
     types: [opened, synchronize]
     branches:
       - master
-
+permissions:
+  actions: read
 concurrency:
   group: '${{ github.workflow }} @ ${{ github.ref }}'
   cancel-in-progress: true
@@ -19,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
-      - name: Name.
+      - name: XXX add name.
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{github.event.pull_request.head.ref}}