diff --git a/.github/workflows/hypatia-scan.yml b/.github/workflows/hypatia-scan.yml
index 2755c53..b910785 100644
--- a/.github/workflows/hypatia-scan.yml
+++ b/.github/workflows/hypatia-scan.yml
@@ -22,9 +22,13 @@ permissions:
   contents: read
   security-events: write
   pull-requests: write
+  # The standards reusable declares actions:read; a caller permissions
+  # block that omits it pins actions to `none`, so the reusable's request
+  # exceeds the grant and the run dies as `startup_failure` (no jobs).
+  actions: read
 
 jobs:
   hypatia:
-    uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@5eb28d7d8790d5389b7b6a5233fe6265a775e3d0
+    uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@8e6ba7d4a0890d25425855a77404d4690d0ab4b5  # standards #380; repin from a 0-jobs stale ref (paired with actions:read above)
     timeout-minutes: 10
     secrets: inherit