From a56f5740f9a02a65c02488645d4814994701d999 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 20 May 2026 12:23:04 +0000
Subject: [PATCH] Clarify GH_AW_GITHUB_TOKEN scope in dependency review docs

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 gh-agent-workflows/dependency-review/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gh-agent-workflows/dependency-review/README.md b/gh-agent-workflows/dependency-review/README.md
index 65caab5d..33afde3a 100644
--- a/gh-agent-workflows/dependency-review/README.md
+++ b/gh-agent-workflows/dependency-review/README.md
@@ -36,7 +36,7 @@ See [example.yml](example.yml) for the full workflow file.
 | Secret | Description | Required |
 | --- | --- | --- |
 | `COPILOT_GITHUB_TOKEN` | GitHub Copilot PAT for AI engine authentication | Yes |
-| `GH_AW_GITHUB_TOKEN` | Ephemeral token (e.g. a GitHub App token) used for PR labeling safe outputs. When provided, labels applied by this workflow will trigger downstream label-based workflows. When omitted, the built-in `GITHUB_TOKEN` is used, which does not re-trigger other workflows. | No |
+| `GH_AW_GITHUB_TOKEN` | Optional ephemeral token (e.g. a GitHub App token) used as a general GitHub auth fallback in this workflow, including PR labeling safe outputs. When provided, labels applied by this workflow can trigger downstream label-based workflows. When omitted, the built-in `GITHUB_TOKEN` is used for labeling, which does not re-trigger other workflows. | No |
 
 ## Safe Outputs