diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index 03c5ca42..9abb9b83 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -2,6 +2,8 @@ name: PR Checks
 on:
   pull_request:
     types: [opened, reopened, synchronize, edited]
+permissions:
+  issues: write
 jobs:
   validate:
     runs-on: ubuntu-latest
@@ -29,12 +31,18 @@ jobs:
             }
 
             if (issues.length > 0) {
-              const comment = `## 🔍 PR Validation\n\n${issues.join('\n')}`;
-              await github.rest.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: pr.number,
-                body: comment
-              });
+              // Fork PRs get a read-only GITHUB_TOKEN; skip commenting to avoid errors
+              if (pr.head.repo.full_name === pr.base.repo.full_name) {
+                const comment = `## 🔍 PR Validation\n\n${issues.join('\n')}`;
+                await github.rest.issues.createComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: pr.number,
+                  body: comment
+                });
+              } else {
+                core.warning('Skipping PR comment for fork PR (read-only token)');
+                issues.forEach(issue => core.warning(issue));
+              }
               core.setFailed('PR validation failed');
             }