diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml
index 3cc69b529c371..5ecb2cab3e399 100644
--- a/.github/workflows/prettier.yml
+++ b/.github/workflows/prettier.yml
@@ -10,6 +10,12 @@ concurrency:
 jobs:
 format:
+ # ---------------------------------------------------------
+ # SAFETY CHECK:
+ # Only run for PRs from the SAME repository.
+ # Fork PRs are skipped entirely to prevent RCE via npm install.
+ # ---------------------------------------------------------
+ if: ${{ github.event.pull_request.head.repo.fork == false }}
 permissions:
 contents: write
 runs-on: ubuntu-latest
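Review bot: The added `if:` tests `head.repo.fork == false`, which is weaker than the comment's "PRs from the SAME repository". `fork` only records whether the head repository is itself a fork, so if this repository is a fork, same-repo PRs are always skipped while a PR from the parent repository passes the guard. Comparing identities matches the stated intent: `if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}`. The current expression also evaluates to true when there is no `pull_request` payload or the head repository has been deleted (null loosely equals false), so if the workflow has non-PR triggers the stricter form needs an explicit `github.event_name` guard to keep them running. The `on:` triggers and the job's steps are outside the hunk, so it cannot be confirmed from here whether the `contents: write` token is actually live for fork code.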