Define explicit, minimal GITHUB_TOKEN permissions in GitHub Actions workflows so they can do their job without holding more access than that job needs. A workflow should be granted only the permissions its tasks require, and any check of the triggering user's permissions should run as the first step, so that no privileged action happens before the check has passed.

For workflows that modify resources:

Example:

name: Issue Management Workflow

# Start with no permissions at the workflow level
permissions: {}

jobs:
  manage-issues:
    runs-on: ubuntu-latest
    # Grant only what this job needs; a job-level block replaces the workflow-level one
    permissions:
      issues: write

    steps:
      # Check the triggering user's permissions before doing anything else
      - name: Check User Permissions
        uses: actions/github-script@v7
        with:
          script: |
            // The webhook payload does not carry the sender's repository permission,
            // so look it up via the API (needs only metadata read, which GITHUB_TOKEN always has).
            const username = context.payload.sender.login;
            const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
              owner: context.repo.owner,
              repo: context.repo.repo,
              username,
            });
            // data.permission is one of: admin, write, read, none
            if (!['admin', 'write'].includes(data.permission)) {
              core.setFailed(`User ${username} does not have write permissions`);
              return;
            }

      # Remaining steps only execute if the permissions check passes
      - name: Close stale issues
        # ...

This approach minimizes security risk, fails early with a clear error instead of a permission failure partway through the job, and follows the principle of least privilege.
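As an added check that is not part of the original guidance, the following Python audits workflows that have already been parsed from YAML (for example with yaml.safe_load) and reports each job whose effective GITHUB_TOKEN permissions are unset, `write-all`, or `write` on a scope outside an allowlist; the two workflow dicts and the allowlist are constructed for the example.

```python
# Added example: audit GitHub Actions workflows (already parsed from YAML, e.g. with
# yaml.safe_load) for non-minimal GITHUB_TOKEN permissions. Inputs below are constructed.
from typing import Any

# Write scopes tolerated without a finding (assumption: tune this allowlist per repository).
ALLOWED_WRITE_SCOPES = {"issues", "pull-requests"}


def effective_permissions(workflow: dict[str, Any], job: dict[str, Any]) -> Any:
    """A job-level permissions block replaces the workflow-level one entirely."""
    if "permissions" in job:
        return job["permissions"]
    return workflow.get("permissions")  # None: the repository default token applies


def audit_workflow(workflow: dict[str, Any]) -> list[str]:
    """Return human-readable findings; an empty list means the workflow is minimal."""
    findings: list[str] = []
    if "permissions" not in workflow:
        findings.append("workflow: no top-level permissions block (repo default applies)")
    for name, job in workflow.get("jobs", {}).items():
        perms = effective_permissions(workflow, job)
        if perms is None:
            findings.append(f"job {name}: permissions not set at any level")
        elif perms == "write-all":
            findings.append(f"job {name}: write-all grants every scope")
        elif isinstance(perms, dict):
            for scope, level in perms.items():
                if level == "write" and scope not in ALLOWED_WRITE_SCOPES:
                    findings.append(f"job {name}: unexpected write on {scope}")
        # "read-all" and {} grant no write scope and need no finding
    return findings


# Constructed inputs: the workflow from the guidance above, and a permissive counterexample.
GOOD_WORKFLOW = {
    "name": "Issue Management Workflow",
    "permissions": {},
    "jobs": {"manage-issues": {"runs-on": "ubuntu-latest", "permissions": {"issues": "write"}}},
}
BAD_WORKFLOW = {
    "name": "Release",
    "jobs": {
        "build": {"runs-on": "ubuntu-latest"},
        "publish": {"runs-on": "ubuntu-latest", "permissions": "write-all"},
        "tag": {"runs-on": "ubuntu-latest", "permissions": {"contents": "write"}},
    },
}

for wf in (GOOD_WORKFLOW, BAD_WORKFLOW):
    print(wf["name"], audit_workflow(wf) or ["OK"])
```

In a real repository the same function can be run over every file under .github/workflows/ after loading each one with yaml.safe_load, and wired into CI so that a new write grant is reviewed before it lands.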