diff --git a/README.md b/README.md
index 6711984..6deba6a 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ With the exception of `token`, all inputs are **optional**. If not set, sensible
 | `project` | The name of the project for which a card should be created. Requires `project-column`. | |
 | `project-column` | The name of the project column under which a card should be created. Requires `project`. | |
 | `branch` | The branch name. See [Branch naming](#branch-naming) for details. | `create-pull-request/patch` |
-| `request-to-parent` | Create the pull request in the parent repository of the checked out fork. | `false` |
+| `request-to-parent` | Create the pull request in the parent repository of the checked out fork. See [push pull request branches to a fork](https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork) for details. | `false` |
 | `base` | Sets the pull request base branch. | Defaults to the branch checked out in the workflow. |
 | `branch-suffix` | The branch suffix type. Valid values are `random`, `timestamp` and `short-commit-hash`. See [Branch naming](#branch-naming) for details. | |
 
diff --git a/docs/concepts-guidelines.md b/docs/concepts-guidelines.md
index c0e5d19..92a9c34 100644
--- a/docs/concepts-guidelines.md
+++ b/docs/concepts-guidelines.md
@@ -183,15 +183,17 @@ How to use SSH (deploy keys) with create-pull-request action:
 
 ### Push pull request branches to a fork
 
-To enforce security, you can use a dedicated user using [machine account](https://help.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements).
-This user has no access to the main repository, it will use their own fork to push code and create the pull request.
+Instead of pushing pull request branches to the repository you want to update, you can push them to a fork of that repository.
+This allows you to employ the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) by using a dedicated user acting as a [machine account](https://help.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements).
+This user has no access to the main repository.
+It will use their own fork to push code and create the pull request.
 
-1. Create a new github user, then login with this user.
-2. fork the repository.
-3. create a [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
-4. logout and go back to your main user.
-5. Add a secret to the repository containing the above PAT.
-6. As shown in the example below, switch the git remote to the fork's url after checkout and set the action input `request-on-parent` to `true`.
+1. Create a new GitHub user and login.
+2. Fork the repository that you will be creating pull requests in.
+3. Create a [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
+4. Logout and log back in to your main user account.
+5. Add a secret to your repository containing the above PAT.
+6. As shown in the following example workflow, switch the git remote to the fork's URL after checkout and set the action input `request-on-parent` to `true`.
 
 ```yaml
       - uses: actions/checkout@v2