diff --git a/.github/workflows/apply-version-label-issue.yml b/.github/workflows/apply-version-label-issue.yml
index 816d29876a200a..121e280cfcafe6 100644
--- a/.github/workflows/apply-version-label-issue.yml
+++ b/.github/workflows/apply-version-label-issue.yml
@@ -4,8 +4,13 @@ on:
   issues:
     types: [opened, edited]
 
+permissions:
+  contents: read
+
 jobs:
   add-version-label-issue:
+    permissions:
+      issues: write  # for react-native-community/actions-apply-version-label to label issues
     runs-on: ubuntu-latest
     continue-on-error: true
 
diff --git a/.github/workflows/danger_pr.yml b/.github/workflows/danger_pr.yml
index 4cde18a216d7eb..d3e8072065a891 100644
--- a/.github/workflows/danger_pr.yml
+++ b/.github/workflows/danger_pr.yml
@@ -4,6 +4,9 @@ on:
   pull_request:
     types: [opened, edited, reopened, synchronize]
 
+permissions:
+  contents: read
+
 jobs:
   danger:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/needs-attention.yml b/.github/workflows/needs-attention.yml
index 5eea15c614de35..f1ec7e8813475c 100644
--- a/.github/workflows/needs-attention.yml
+++ b/.github/workflows/needs-attention.yml
@@ -4,8 +4,14 @@ on:
   issue_comment:
     types: created
 
+permissions:
+  contents: read
+
 jobs:
   applyNeedsAttentionLabel:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      issues: write  # for hramos/needs-attention to label issues
     name: Apply Needs Attention Label
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/on-issue-labeled.yml b/.github/workflows/on-issue-labeled.yml
index 0307601237b3b7..f99404e94fae8a 100644
--- a/.github/workflows/on-issue-labeled.yml
+++ b/.github/workflows/on-issue-labeled.yml
@@ -4,8 +4,14 @@ on:
   issues:
     types: labeled
 
+permissions:
+  contents: read
+
 jobs:
   respondToIssueBasedOnLabel:
+    permissions:
+      contents: read  # for hramos/respond-to-issue-based-on-label to fetch config file
+      issues: write  # for hramos/respond-to-issue-based-on-label to update issues
     name: Respond to Issue Based on Label
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/test-docker-android.yml b/.github/workflows/test-docker-android.yml
index 0af080466c32ef..6951e180eb81ce 100644
--- a/.github/workflows/test-docker-android.yml
+++ b/.github/workflows/test-docker-android.yml
@@ -8,6 +8,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   test-docker-android:
     name: Test Docker