diff --git a/.github/workflows/hypatia-scan.yml b/.github/workflows/hypatia-scan.yml
index 67aacf9..6ce7514 100644
--- a/.github/workflows/hypatia-scan.yml
+++ b/.github/workflows/hypatia-scan.yml
@@ -22,9 +22,13 @@ permissions:
   contents: read
   security-events: write
   pull-requests: write
+  # The standards reusable declares actions:read; a caller permissions
+  # block that omits it pins actions to `none`, so the reusable's request
+  # exceeds the grant and the run dies as `startup_failure` (no jobs).
+  actions: read
 
 jobs:
   hypatia:
     timeout-minutes: 30
-    uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@915139d73560e65a8240b8fc7768698658502c89
+    uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@8e6ba7d4a0890d25425855a77404d4690d0ab4b5  # standards #380; repin from a 0-jobs stale ref (paired with actions:read above)
     secrets: inherit