diff --git a/.github/workflows/lint-pr-title-preview-all.yml b/.github/workflows/lint-pr-title-preview-all.yml
index 1e1a34d..735aeb4 100644
--- a/.github/workflows/lint-pr-title-preview-all.yml
+++ b/.github/workflows/lint-pr-title-preview-all.yml
@@ -6,14 +6,21 @@ on:
       - edited
       - synchronize
 
+permissions: {}
+
 jobs:
   main:
     runs-on: ubuntu-latest
     permissions:
       pull-requests: read
     steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: 24
       - run: yarn install