Do not set permissions for jobs with GITHUB_TOKEN in job level env variable #717

	name: Automate PR
	on:
	issues:
	types:
	- labeled

	permissions:
	contents: read

	jobs:
	Automate:
	if: github.event.label.name == 'Automate'
	runs-on: ubuntu-latest
	permissions:
	issues: write
	actions: write

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
	with:
	egress-policy: audit

	- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 #v4.1.6
	with:
	repository: step-security/secure-repo

	- name: Automate PR
	uses: step-security/secure-repo/Automate-PR@98ff385ea512d8ac7a1445f95e199f6864f439e1
	with:
	github-token: ${{secrets.PAT }}
	issue-id: ${{ github.event.issue.number}}

Provide feedback