diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 604d922..4ce55df 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -29,3 +29,7 @@ jobs:
 with:
 min-severity: medium
 min-confidence: medium
+# Online audits do cross-repo GitHub tag lookups; in CI the default
+# repository-scoped GITHUB_TOKEN returns 401 for public actions
+# (e.g. astral-sh/setup-uv). Keep this required gate deterministic.
+online-audits: false
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index f5ebc38..fbed3ea 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -91,6 +91,9 @@ jobs:
 with:
 client-id: ${{ vars.RELEASE_BOT_APP_ID }}
 private-key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }}
+# Least privilege: read for checkout, write for Git Data API
+# content/ref/tag operations (blobs, trees, commits, refs, tags).
+permission-contents: write
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
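Review bot: Setting `online-audits: false` on the required gate silently drops every network-backed audit for good, not just the tag lookup the comment describes; in zizmor those online audits are the ones that flag impostor commits and known-vulnerable action versions, so the gate becomes deterministic by no longer checking the things most likely to catch a supply-chain substitution. If the 401 is really a token-scope problem, the cheaper fix is to keep the audits and give the step a token that can read public refs (the action appears to accept a `token` input, which would need confirming against the pinned action version) or to run the online audits in a separate non-required job that is allowed to be flaky. At minimum the comment should say what coverage is lost, e.g. `# NOTE: this disables the online audits (impostor-commit, known-vulnerable-actions); they are not run anywhere else.` The step's `uses:` line and the rest of the job sit outside the hunk.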
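Review bot: The comment above `permission-contents: write` reads as if two grants are made ("read for checkout, write for Git Data API"), but the step issues one token with `contents: write`, which implies read and also covers pushing to any branch and creating releases in the repository, not only the tag refs the comment lists. Since the installation token is what later steps authenticate with, the comment should state the actual blast radius rather than the intended use, e.g. `# Single installation token scoped to contents: write (covers checkout, Git Data API, and any ref push); no other permissions requested.` It is worth confirming that the pinned `create-github-app-token` version restricts the token to only the listed `permission-*` inputs and to the current repository by default, since that is what makes this least privilege. The step's `uses:` line is outside the hunk, so the version could not be checked here.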