1 files changed, 2 insertions, 0 deletions

diff --git a/zizmor.yml b/zizmor.yml
index 23630337b4..19493ba151 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -1,5 +1,7 @@
 rules:
   dangerous-triggers:
+    # Before ignoring a file, assume all inputs are malicious, assign explicit
+    # minimal permissions, and do not use actions/checkout.
     ignore:
       - coverage_comment.yml
       - labels.yml