diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml
index 3aae12e..b30704b 100644
--- a/.github/workflows/build-android.yml
+++ b/.github/workflows/build-android.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   build-android:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/build-ios.yml b/.github/workflows/build-ios.yml
index 5ba82c4..f5c245c 100644
--- a/.github/workflows/build-ios.yml
+++ b/.github/workflows/build-ios.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   build-ios:
     runs-on: macos-13-xl
diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml
index 269c06a..1d9ee43 100644
--- a/.github/workflows/code-lint.yml
+++ b/.github/workflows/code-lint.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   code-lint:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 881c9d2..5fd4d4f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,10 @@ on:
         type: string
 env:
   NEW_VERSION: ${{ github.event.inputs.release_tag }}
+permissions:
+  contents: write
+  pull-requests: read
+
 jobs:
   release:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f5611c3..2e93ef5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   code-test:
     runs-on: ubuntu-latest