diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 1fca3addf..ab8b093d3 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -108,10 +108,13 @@ jobs:
 if: github.ref == 'refs/heads/main' && steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
 uses: peter-evans/create-pull-request@v8
 with:
- token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+ # Prefer the scoped workflow token over a user PAT. In the failing run,
+ # the auto-fix PR push failed with a 403 despite job-level write permissions.
+ token: ${{ github.token }}
 commit-message: "[MegaLinter] Apply linters automatic fixes"
 title: "[MegaLinter] Apply linters automatic fixes"
- branch: megalinter-fixes
+ # Avoid force-updating a stale or diverged auto-fix branch.
+ branch: megalinter-fixes-${{ github.run_id }}
 labels: bot
 base: main
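Review bot: With `token: ${{ github.token }}` the pull request opened by this step does not trigger `pull_request` or `push` workflows, so the auto-fix PR arrives with no CI or lint results attached unless branch protection forces them; the added comment should say so, e.g. `# PRs opened with the workflow token do not start other workflows; run the checks before merging.` The step now also depends on the repository setting that lets GitHub Actions create pull requests and on `contents: write` plus `pull-requests: write` in the job's `permissions`, which sits outside this hunk (as does the start of the step), so confirm that block grants only those two scopes. Job-level permissions apply to the workflow token and not to `secrets.PAT`, so if the PAT was set in the failing run they would not explain the 403, and the comment's "despite job-level write permissions" may mislead the next reader. On the `branch:` line, `megalinter-fixes-${{ github.run_id }}` leaves a new branch and PR on every run with nothing superseding the earlier ones, so stale bot branches will need periodic cleanup.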