diff --git a/.github/workflows/update-submodule-files.yml b/.github/workflows/update-submodule-files.yml
index c5aca5e..31b4c35 100644
--- a/.github/workflows/update-submodule-files.yml
+++ b/.github/workflows/update-submodule-files.yml
@@ -22,6 +22,13 @@ jobs:
           ref: ${{ github.event.pull_request.head.sha }}
           submodules: true
 
+      - name: Validate PR source branch
+        run: |
+          if [[ ${{ github.event.pull_request.head.repo.full_name }} != '${{ github.repository }}' ]]; then
+            echo "Untrusted repository detected! Exiting.";
+            exit 1;
+          fi
+
       - name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@v6
         with: