diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
index 5586ada..b8f01de 100644
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -9,6 +9,10 @@ jobs:
   verifypr:
     runs-on: ubuntu-latest
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs    
       - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
       - name: Run StandardLint
         uses: mikaelvesavuori/standardlint-action@6aa06559941f5dda07f7d89eefff6da591e9e0b9 # v1.0.0