diff --git a/.github/workflows/infisical-secrets-check.yml b/.github/workflows/infisical-secrets-check.yml index 0cb1d1a..8ec1775 100644 --- a/.github/workflows/infisical-secrets-check.yml +++ b/.github/workflows/infisical-secrets-check.yml @@ -12,6 +12,9 @@ jobs: secrets-scan: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - name: Checkout repo @@ -33,14 +36,14 @@ jobs: run: infisical scan --redact -f csv -r secrets-result.csv 2>&1 | tee >(sed -r 's/\x1b\[[0-9;]*m//g' > secrets-result.log) - name: Read secrets-result.log - uses: guibranco/github-file-reader-action-v2@v2.1.535 + uses: guibranco/github-file-reader-action-v2@v2.2.583 if: always() id: log with: path: secrets-result.log - name: Read secrets-result.log - uses: guibranco/github-file-reader-action-v2@v2.1.535 + uses: guibranco/github-file-reader-action-v2@v2.2.583 if: failure() id: report with: @@ -61,7 +64,7 @@ jobs: ``` message-failure: | - **Infisical secrets check:** :rotating_light: Secrets leaked!. + **Infisical secrets check:** :rotating_light: Secrets leaked! **Scan results:** ``` @@ -72,4 +75,4 @@ jobs: ${{ steps.report.outputs.contents }} ``` message-cancelled: | - **Infisical secrets check:** :o: Secrets check cancelled!. + **Infisical secrets check:** :o: Secrets check cancelled!
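Review bot: The job-level `permissions` block added in the first hunk gives `pull-requests: write` to every step in `secrets-scan`, including the two third-party `guibranco/github-file-reader-action-v2` steps that the second hunk still references by a mutable version tag. A tag can be repointed by the action's owner, so the workflow file does not fix what code runs with this token. Pinning both `Read secrets-result.log` steps to a full commit SHA would fix it, e.g. `uses: guibranco/github-file-reader-action-v2@<full-commit-sha>  # v2.2.583`. The `on:` trigger and the step that posts the comment are outside the hunks, so confirm the job does not run under `pull_request_target` with a checkout of the PR head, where the write scope would be reachable by untrusted code. If the write scope exists only for the result comment, as the `message-failure` keys suggest, a comment above the block such as `# pull-requests: write is required only to post the scan result comment` would record that.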