diff --git a/.github/workflows/pr-review-auto-fix.yml b/.github/workflows/pr-review-auto-fix.yml
index a675c553..2cf949c7 100644
--- a/.github/workflows/pr-review-auto-fix.yml
+++ b/.github/workflows/pr-review-auto-fix.yml
@@ -36,6 +36,12 @@ jobs:
 }
 }
 
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ # Use base branch for security - don't execute fork's .claude/commands/
+ ref: ${{ github.event.pull_request.base.sha }}
+
 - name: Run AgentReady Code Review
 uses: anthropics/claude-code-action@v1
 with:
@@ -43,6 +49,17 @@ jobs:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 allowed_non_write_users: '*' # Enable reviews on fork PRs
+ settings: |
+ {
+ "permissions": {
+ "allow": [
+ "Bash(gh pr:*)",
+ "Bash(gh issue:*)",
+ "Bash(gh search:*)",
+ "Bash(git:*)"
+ ]
+ }
+ }
 prompt: |
 Run the /review-agentready command on this pull request.
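Review bot: The new checkout step references `actions/checkout@v4` by a mutable major tag and leaves `persist-credentials` at its default of `true`, so the job's `GITHUB_TOKEN` is stored in the checkout's `.git/config` and remains usable by every later step, including the review action that the second hunk allows `Bash(git:*)`. Unless a later step is meant to push with that token, add `persist-credentials: false` under `with:` and pin the action to an immutable commit, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. Checking out `base.sha` only keeps the fork's `.claude/commands/` out of the job; the PR's own title, body and diff presumably still reach the model through the review prompt, and whether secrets are exposed to fork PRs at all is decided by the workflow trigger, which is outside this hunk. The comment could also say `base commit` rather than `base branch`, since a SHA rather than a branch name is what is checked out, which is the stronger choice.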