diff --git a/.github/workflows/add-git-trailers.yml b/.github/workflows/add-git-trailers.yml index 82785b9..c114600 100644 --- a/.github/workflows/add-git-trailers.yml +++ b/.github/workflows/add-git-trailers.yml @@ -18,7 +18,7 @@ jobs: github.event.pull_request.base.ref == 'main' && github.event.review.state == 'approved' && (github.event.pull_request.rebaseable == null || - github.event.pull_request.rebaseable == true) + github.event.pull_request.rebaseable == true) runs-on: ubuntu-22.04 steps: - name: Harden the runner (Audit all outbound calls) @@ -41,15 +41,13 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Append git trailers - uses: nubificus/git-trailers@71281069ce88ac3c3c7615181bdbe1d022670000 # main_external + uses: nubificus/git-trailers@e3cefe03237a8a33f12ee41a8194bfb03a4d179b # fix_auto_merge with: - user-info: .github/contributors.yaml - token: ${{ steps.generate-token.outputs.token }} + user_info: .github/contributors.yaml - name: Merge PR env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} PR_URL: ${{ github.event.pull_request.html_url }} run: | - sleep 5 gh pr merge "$PR_URL" --rebase --admin diff --git a/.github/workflows/pr-merge.yml b/.github/workflows/pr-merge.yml index 94c8f37..7436ba2 100644 --- a/.github/workflows/pr-merge.yml +++ b/.github/workflows/pr-merge.yml @@ -7,12 +7,17 @@ on: branches: - 'main-pr*' +permissions: + contents: read + jobs: add-trailers-and-merge: if: | github.event.pull_request.merged == true && startsWith(github.event.pull_request.base.ref, 'main-pr') runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Harden the runner (Audit all outbound calls) 
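Review bot: In the `Merge PR` step of add-git-trailers.yml (hunk `@@ -41,15 +41,13 @@`), `gh pr merge "$PR_URL" --rebase --admin` now runs straight after the trailers step and merges whatever the PR head is at that moment, with `--admin` bypassing branch protection. The job checks out `github.event.pull_request.head.sha`, but nothing ties the merge to that approved commit or to the rewritten one, so a push that lands after the approval could be merged unreviewed; with `sleep 5` gone, the head GitHub reports may also still be the pre-trailer one. Assuming the action leaves the rewritten commit as the local HEAD (its source is not on this page), I would pin the merge with `gh pr merge "$PR_URL" --rebase --admin --match-head-commit "$(git rev-parse HEAD)"`. The job body starts above the hunk, so the checkout options and token generation are not visible here.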
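Review bot: The job-level `permissions: contents: write` added to `add-trailers-and-merge` in pr-merge.yml (hunk `@@ -7,12 +7,17 @@`) has no comment saying which step needs it, and it applies to every step in the job, third-party actions included. Judging by the later hunk that drops the `token:` input, the write scope is presumably there so git-trailers can push with `GITHUB_TOKEN`; if so, say it on the line, e.g. `contents: write  # git-trailers pushes the rewritten commits with GITHUB_TOKEN`. add-git-trailers.yml drops the same `token:` input, but no `permissions:` block is visible in its hunks, so it is worth confirming that job declares an equivalent least-privilege scope.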
@@ -34,10 +39,9 @@ jobs: private-key: ${{ secrets.URUNC_BOT_PRIVATE_KEY }} - name: Append git trailers - uses: nubificus/git-trailers@71281069ce88ac3c3c7615181bdbe1d022670000 # main_external + uses: nubificus/git-trailers@e3cefe03237a8a33f12ee41a8194bfb03a4d179b # fix_auto_merge with: - user-info: .github/contributors.yaml - token: ${{ steps.generate-token.outputs.token }} + user_info: .github/contributors.yaml - name: Create a Pull Request from PR_BRANCH to main and merge it env:
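Review bot: The new pin `uses: nubificus/git-trailers@e3cefe03237a8a33f12ee41a8194bfb03a4d179b # fix_auto_merge`, here and in the identical line of add-git-trailers.yml, is labelled with what looks like a working branch rather than a release tag. The full SHA keeps the reference immutable, but a commit that lives only on a fix branch can become unreachable once that branch is deleted or rebased, and update tooling that reads the trailing comment has no version to compare against. Both jobs also generate a bot token from `secrets.URUNC_BOT_PRIVATE_KEY`, so once the fix is merged upstream I would move the pin to a commit on the action's default branch or a tagged release and record it in the comment, e.g. `# <release-tag> (placeholder)`. The step list continues past the end of this hunk.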