From 28674474a4dd065aad2d567d06cfc60694df3603 Mon Sep 17 00:00:00 2001 From: Peter Evans <18365890+peter-evans@users.noreply.github.com> Date: Tue, 6 Apr 2021 10:46:44 +0900 Subject: [PATCH] docs: add link to github blog post --- docs/concepts-guidelines.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/concepts-guidelines.md b/docs/concepts-guidelines.md index f4694a7..69b2e1a 100644 --- a/docs/concepts-guidelines.md +++ b/docs/concepts-guidelines.md @@ -129,6 +129,8 @@ jobs: if: github.event.pull_request.head.repo.full_name == github.repository ``` +For further reading regarding the security of pull requests, see this GitHub blog post titled [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) + ### Triggering further workflow runs Pull requests created by the action using the default `GITHUB_TOKEN` cannot trigger other workflows. If you have `on: pull_request` or `on: push` workflows acting as checks on pull requests, they will not run.
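Review bot: the added "+For further reading regarding the security of pull requests, ..." line has no terminating period, and it sits directly after the `if: github.event.pull_request.head.repo.full_name == github.repository` example without saying how the linked post relates to that guard. Consider ending the sentence with a period and tightening it, for example "For further reading on the security of pull requests, see the GitHub blog post [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)." A short clause tying it to the preceding condition would tell readers why to follow the link before moving on to "Triggering further workflow runs".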