At present the documentation states this needs full repo access, it would be advantageous to make this only require read permission scopes.
If this isn't possible - it should use the new Github fine grained tokens which provide improved permission scopes.
https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/
"It is required to provide an access token with permission to these scopes: repo(all), read:repo_hook, admin:org_hook, read:org"
At present the documentation states this needs full repo access, it would be advantageous to make this only require read permission scopes.
If this isn't possible - it should use the new Github fine grained tokens which provide improved permission scopes.
https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/