diff --git a/.github/workflows/validate-pull-request.yaml b/.github/workflows/validate-pull-request.yaml
index 816997c4..a486dd6f 100644
--- a/.github/workflows/validate-pull-request.yaml
+++ b/.github/workflows/validate-pull-request.yaml
@@ -9,6 +9,9 @@ on:
       review-state:
         required: false
         type: string
+    secrets:
+      GH_TOKEN:
+        required: true
 
 jobs:
   validate-pr:
@@ -27,6 +30,6 @@ jobs:
         working-directory: ${{ github.workflow }}
         run: pipenv run python validate-pull-request
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
           NUMBER: ${{ inputs.number }}
           REVIEW_STATE: ${{ inputs.review-state }}
diff --git a/.github/workflows/verify-new-contributor.yaml b/.github/workflows/verify-new-contributor.yaml
index 8e34807d..fabdf292 100644
--- a/.github/workflows/verify-new-contributor.yaml
+++ b/.github/workflows/verify-new-contributor.yaml
@@ -10,7 +10,8 @@ on:
 jobs:
   validate-pr-review-state:
     uses: ocadotechnology/codeforlife-workspace/.github/workflows/validate-pull-request/workflow.yaml@new_contributor_validations # TODO: use @main
-    secrets: inherit
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     with:
       number: ${{ inputs.pull-request-number }}
       review-state: APPROVED