From 86f43ed3c7e3bb5d2cb852949f645c875e468568 Mon Sep 17 00:00:00 2001 From: Kylie Stradley <4666485+KyFaSt@users.noreply.github.com> Date: Tue, 21 Jan 2025 21:30:55 -0500 Subject: [PATCH] Add Recommended Permissions To reduce risk of over-privileged tokens, we are adding recommended permissions to popular GitHub-owned Actions READMEs --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 0550d7b..89aada2 100644 --- a/README.md +++ b/README.md @@ -251,3 +251,10 @@ If you must preserve permissions, you can `tar` all of your files together befor name: my-artifact path: my_files.tar ``` + +# Recommended Permissions + +The `actions/download-artifact` workflow relies on an internal authentication pattern and does not use the GITHUB_TOKEN, to reduce risk of over-privileged token, jobs that use `actions/download-artifact` should set permissions to none: + +```yaml +perm
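Review bot: In the added "Recommended Permissions" paragraph of the README.md hunk, `actions/download-artifact` is called a "workflow" although it is an action that jobs use, and the sentence joins two statements with a comma splice ("does not use the GITHUB_TOKEN, to reduce risk of over-privileged token, jobs that use ..."). Suggest splitting it: "The `actions/download-artifact` action relies on an internal authentication pattern and does not use the GITHUB_TOKEN. To reduce the risk of over-privileged tokens, jobs that use `actions/download-artifact` should set permissions to none:". It would also help readers to say that this applies to jobs with no other step needing the token, since a job-level permissions block governs every step in the job. Separately, the hunk header `@@ -251,3 +251,10 @@` and the diffstat both give 7 added lines, and the line beginning `perm` is the seventh, so as far as the visible text shows there is no closing fence for the new yaml block; please confirm the block is terminated so the rest of the README does not render as code. The new heading uses a single `#`; check that this matches the level of the neighbouring section headings in the file.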