GitHub Tokens Permission Misuse

GitHub Actions jobs fail or behave inconsistently because autogenerated tokens and workflow permissions are misunderstood—auto-attachment during publish, missing write access for actions, and PR-triggered commits push/publish changes without the expected permission scope.