diff --git a/.github/workflows/agentscan.yml b/.github/workflows/agentscan.yml
index c08efdc..75e210b 100644
--- a/.github/workflows/agentscan.yml
+++ b/.github/workflows/agentscan.yml
@@ -4,6 +4,10 @@ on:
   pull_request:
     types: [opened, reopened]
 
+permissions:
+  pull-requests: write
+  contents: read
+
 jobs:
   agentscan:
     runs-on: ubuntu-latest
@@ -11,3 +15,5 @@ jobs:
       - uses: actions/checkout@v4
       - name: AgentScan
         uses: MatteoGabriele/agentscan-action@v1.0.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
index 286305e..7fa26a8 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,11 @@
 # AgentScan
+
 An open experiment in detecting automation patterns on GitHub.
 
 ## Why this?
 
 I didn't expect to build this website, but ended up creating it after reading multiple articles and seeing open source maintainers struggling with AI agents targeting their projects.
+
 - https://socket.dev/blog/ai-agent-lands-prs-in-major-oss-projects-targets-maintainers-via-cold-outreach
 - https://tylur.blog/harmful-prs/
 - https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/