diff --git a/.github/workflows/image-minimizer.yml b/.github/workflows/image-minimizer.yml
index 3a7aaf6d..6546b9b0 100644
--- a/.github/workflows/image-minimizer.yml
+++ b/.github/workflows/image-minimizer.yml
@@ -1,3 +1,6 @@
+# This workflow has write permissions on the repo
+# It MUST NOT check out a PR and run untrusted code
+
 name: Image Minimizer

 on:
@@ -5,7 +8,7 @@ on:
 types: [created, edited]
 issues:
 types: [opened, edited]
- pull_request:
+ pull_request_target:
 types: [opened, edited]

 permissions:
@@ -19,8 +22,6 @@ jobs:
 pull-requests: write

 steps:
- - uses: actions/checkout@v3
-
 - uses: actions/setup-node@v3
 with:
 node-version: 16
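Review bot: The `pull_request_target` trigger in the `@@ -5,7 +8,7 @@` hunk runs this job with the base repository's write-scoped token for pull requests from forks, so the PR title and body it reacts to (`types: [opened, edited]`) have to be handled as untrusted data, not only the checked-out code. The steps that consume the event are outside this hunk; it should be confirmed there that they read the text from the event payload or an `env:` variable and never expand `${{ github.event.pull_request.body }}` (or the title) directly inside a `run:` script. The `permissions:` block begins on the last line of this hunk and continues outside it, so its scopes should be rechecked against what the job needs now that fork PRs reach it.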
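Review bot: In the `@@ -19,8 +22,6 @@` hunk the remaining `actions/setup-node@v3` step is still referenced by a mutable tag while the job holds `pull-requests: write`, which matters more now that the workflow runs for fork PRs. Pinning it to a full commit SHA, `- uses: actions/setup-node@<full-commit-sha>  # v3`, keeps a moved tag from executing with that token. The step list continues outside the hunk, so it is also worth confirming that no later step reads a file from the working tree, which is empty once `actions/checkout@v3` is gone.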