diff --git a/.github/workflows/fix-security-vulnerability.yml b/.github/workflows/fix-security-vulnerability.yml index ac3a22dba778..450e76d03625 100644 --- a/.github/workflows/fix-security-vulnerability.yml +++ b/.github/workflows/fix-security-vulnerability.yml @@ -36,6 +36,11 @@ jobs: IMPORTANT: Do NOT dismiss any alerts. Do NOT wait for approval. + IMPORTANT: To fetch the alert, use EXACTLY this command format (replacing with the alert number): + gh api repos/getsentry/sentry-javascript/dependabot/alerts/ + Do NOT use --paginate, query parameters, GraphQL, curl, or any other approach. + Your allowed tools are narrowly scoped - only the exact command patterns listed will be permitted. + If you can fix the vulnerability: Create a branch named fix/security-, apply the fix, and open a PR with your analysis in the PR description. Target the develop branch.
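Review bot: The added fetch instruction says "replacing with the alert number", but the command as written ends at `dependabot/alerts/` with no placeholder token to replace, so the agent has to infer where the number goes, and the bare `dependabot/alerts` path is the list endpoint rather than a single alert. Put an explicit placeholder in both the sentence and the command line; the `fix/security-` branch name in the trailing context has the same gap. Two further points on the same added lines. The repository is hard-coded as `getsentry/sentry-javascript`, so the prompt will point at the wrong repo if the workflow runs in a fork; consider using the workflow's repository context instead. And the "Do NOT use --paginate, query parameters, GraphQL, curl" sentence is only guidance to the model: the restriction has to be enforced by the allowed-tools patterns the next added line refers to. Those patterns are not part of this hunk, so please confirm they match this exact command form and accept only a numeric alert id.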