Add clarification regarding contents permissions

yairm210 · web-flow · commit b854e89156b4 · 2025-06-13T12:28:15.000+03:00
diff --git a/README.md b/README.md
@@ -220,6 +220,8 @@ permissions:
   contents: write
 ```
 
+By default, these permissions are granted on `push` but not on `pr` - and you should be wary of adding them, as they allow [wide access to changing the entire repo's contents](https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-contents)
+
 ## Releasing
 
 To release this Action:
