diff --git a/.github/workflows/changelog-radar.yml b/.github/workflows/changelog-radar.yml
index aad0cbb..ca8d5fa 100644
--- a/.github/workflows/changelog-radar.yml
+++ b/.github/workflows/changelog-radar.yml
@@ -16,8 +16,10 @@ jobs:
 permissions:
 issues: write
 steps:
- - uses: actions/checkout@v4
- - uses: pnpm/action-setup@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ with:
+ persist-credentials: false
+ - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
 with:
 node-version: 24
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 3306726..b175821 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -14,7 +14,9 @@ jobs:
 contents: read
 steps:
 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- with: { fetch-depth: 0 }
+ with:
+ fetch-depth: 0
+ persist-credentials: false
 - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
 with:
diff --git a/.github/workflows/update-competitive-matrix.yml b/.github/workflows/update-competitive-matrix.yml
index 8ea0d31..dd8eae1 100644
--- a/.github/workflows/update-competitive-matrix.yml
+++ b/.github/workflows/update-competitive-matrix.yml
@@ -20,6 +20,8 @@ jobs:
 pull-requests: write
 steps:
 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ with:
+ persist-credentials: false
 - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0
 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
 with:
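Review bot: The unchanged setup-node line in this steps list still carries the pin comment `# v4`, while the same SHA `49933ea5288caeca8642d1e84afbd3f7d6820020` is annotated `# v4.4.0` in publish-release.yml and update-competitive-matrix.yml in this same diff. Since the new checkout and pnpm pins here use full version annotations (`# v4.3.1`, `# v4.4.0`), the setup-node comment should be aligned to `# v4.4.0` so pin-update tooling and reviewers read one consistent version per SHA. The job definition begins above this hunk.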
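Review bot: Setting `persist-credentials: false` on this checkout removes the default-token credential from `.git/config`, but unlike update-competitive-matrix.yml no step in this diff re-supplies a credential for publish-release.yml, and the zizmor comment removed further down states that this workflow pushes back to the repo with `GITHUB_TOKEN`. If a later step in this job does `git push` (tags or commits) relying on the checkout credential, it will now fail with an authentication error; the job's `contents: read` suggests the push may live elsewhere or go through the API, but that is not visible here. Worth confirming that any push step carries its own scoped credential, e.g. an `env:` entry `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` consumed by `gh` or by an explicit push URL, rather than depending on the persisted checkout token. The job body continues beyond this hunk.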
@@ -41,6 +43,12 @@ jobs:
 echo "changed=true" >> $GITHUB_OUTPUT
 fi
+ - name: Configure git credentials
+ if: steps.changes.outputs.changed == 'true'
+ run: |
+ git config --local --unset-all http.https://github.com/.extraheader || true
+ git config --local url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/"
+
 - name: Create PR
 if: steps.changes.outputs.changed == 'true'
 env:
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
index dbb4510..3d69121 100644
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -5,12 +5,6 @@ rules:
 # ─── artipacked ────────────────────────────────────────────────────────
- # These workflows push back to the repo (commits / tags / branches)
- # using the default `GITHUB_TOKEN`, so `persist-credentials: false` is not
- # an option. The token is scoped per-job and the workflows only run on the
- # `main` branch or via `workflow_dispatch`, never on untrusted PR HEADs.
- # Note: fix-drift.yml now uses persist-credentials: false with scoped
- # url.insteadOf injection before push, so it no longer needs suppression.
 artipacked:
 ignore:
 # Dependabot auto-merge: uses pull_request_target for write token.
@@ -19,8 +13,6 @@ rules:
 # Dependabot major analysis: uses pull_request_target for PR comments.
 # Does NOT checkout PR code. Actor-gated to dependabot[bot].
 - dependabot-major-analysis.yml
- - publish-release.yml
- - update-competitive-matrix.yml
 # ─── dangerous-triggers ────────────────────────────────────────────────
 # `notify-pr.yml` uses `pull_request_target` intentionally: it needs
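Review bot: The new "Configure git credentials" step writes the token into the checkout's `.git/config` via `url.*.insteadOf` for every subsequent step of the job, which is the same on-disk exposure that `persist-credentials: false` was added to remove; zizmor's artipacked rule will no longer flag this workflow, but a later artifact upload or script in the job reads the same file. Scoping the credential to the push itself keeps the benefit, e.g. give the Create PR step `env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and push with `git -c url."https://x-access-token:${GH_TOKEN}@github.com/".insteadOf=https://github.com/ push …`, or unset the insteadOf entry immediately after the push. Expanding `${{ secrets.GITHUB_TOKEN }}` inside `run:` also places the token text in the generated shell script; passing it through `env:` and expanding `${GH_TOKEN}` in the shell is the usual form. The `--unset-all http.https://github.com/.extraheader || true` line is a no-op once `persist-credentials: false` is set and can be dropped. The job and its earlier steps begin outside this hunk.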