diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index ae3c0b0..fccf20c 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -20,7 +20,12 @@ jobs: review: name: Claude Review runs-on: ubuntu-latest - if: github.event.pull_request.user.login != 'dependabot[bot]' + # Fork PRs run with a read-only token and no access to secrets, so the + # review can't authenticate. Skip them (along with dependabot) until fork + # support is added. + if: >- + github.event.pull_request.head.repo.full_name == github.repository && + github.event.pull_request.user.login != 'dependabot[bot]' permissions: contents: read pull-requests: write diff --git a/README.md b/README.md index 88a5ac0..b77e1b8 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,10 @@ Pin to `vX.Y.Z` if you need an immutable reference. ### `claude-review` Runs Claude Code as a PR reviewer on `pull_request` events. The workflow owns -its trigger filter (skips Dependabot), concurrency group, permissions, and -review prompt — consumers just dispatch. +its trigger filter (skips Dependabot and PRs from forks), concurrency group, +permissions, and review prompt — consumers just dispatch. Fork PRs are skipped +because they run with a read-only token and no access to secrets, so the review +can't authenticate. ```yaml name: Claude PR Review
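Review bot: in the workflow hunk, the new `if:` guard is correct once YAML folds the `>-` block into a single expression, but the comment "until fork support is added" should say what fork support must not look like: switching the trigger to `pull_request_target` would hand fork-authored code the `pull-requests: write` token and the secrets this review authenticates with, which is exactly what the same-repo check is protecting. Suggest extending the comment, e.g. `# Do not replace this with pull_request_target; keep this guard until fork PRs can be reviewed without exposing secrets.`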
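Review bot: in the README hunk, the added sentence "Fork PRs are skipped because they run with a read-only token and no access to secrets, so the review can't authenticate." restates the workflow comment almost verbatim, and it follows a sentence that already says "skips Dependabot and PRs from forks", so the rationale now lives in two places that can drift. Suggest folding it into one sentence, e.g. `its trigger filter (skips Dependabot, and fork PRs, which have no secrets to authenticate with), ...`, and add a line telling consumers that fork contributions therefore receive no automated review and need a manual one.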