diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml
index 44d6372..7292fb1 100644
--- a/.github/workflows/contributors.yml
+++ b/.github/workflows/contributors.yml
@@ -14,6 +14,7 @@ permissions:
 
 jobs:
   contrib-readme-job:
+    if: github.repository == 'zhom/donutbrowser'
     runs-on: ubuntu-latest
     name: Automatically update the contributors list in the README
     permissions:
diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
index 8850a7a..a2f8383 100644
--- a/.github/workflows/dependabot-automerge.yml
+++ b/.github/workflows/dependabot-automerge.yml
@@ -12,7 +12,7 @@ permissions:
 jobs:
   security-scan:
     name: Security Vulnerability Scan
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
     uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3
     with:
       scan-args: |-
@@ -28,7 +28,7 @@ jobs:
 
   lint-js:
     name: Lint JavaScript/TypeScript
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
     uses: ./.github/workflows/lint-js.yml
     secrets: inherit
     permissions:
@@ -36,7 +36,7 @@ jobs:
 
   lint-rust:
     name: Lint Rust
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
     uses: ./.github/workflows/lint-rs.yml
     secrets: inherit
     permissions:
@@ -44,7 +44,7 @@ jobs:
 
   codeql:
     name: CodeQL
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
     uses: ./.github/workflows/codeql.yml
     secrets: inherit
     permissions:
@@ -55,7 +55,7 @@ jobs:
 
   spellcheck:
     name: Spell Check
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
     uses: ./.github/workflows/spellcheck.yml
     secrets: inherit
     permissions:
@@ -63,7 +63,7 @@ jobs:
 
   dependabot-automerge:
     name: Dependabot Automerge
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
     needs: [security-scan, lint-js, lint-rust, codeql, spellcheck]
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/issue-validation.yml b/.github/workflows/issue-validation.yml
index 2813cc4..17e7457 100644
--- a/.github/workflows/issue-validation.yml
+++ b/.github/workflows/issue-validation.yml
@@ -19,7 +19,7 @@ permissions:
 
 jobs:
   analyze-issue:
-    if: github.event_name == 'issues'
+    if: github.repository == 'zhom/donutbrowser' && github.event_name == 'issues'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -67,7 +67,7 @@ jobs:
             - Never exceed 6 items total.
 
   analyze-pr:
-    if: github.event_name == 'pull_request_target' && github.actor != 'dependabot[bot]'
+    if: github.repository == 'zhom/donutbrowser' && github.event_name == 'pull_request_target' && github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -118,6 +118,7 @@ jobs:
 
   opencode-command:
     if: |
+      github.repository == 'zhom/donutbrowser' &&
       (github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment') &&
       (contains(github.event.comment.body, ' /oc') ||
        startsWith(github.event.comment.body, '/oc') ||
diff --git a/.github/workflows/release-notes-generator.yml b/.github/workflows/release-notes-generator.yml
index 12da285..271e75f 100644
--- a/.github/workflows/release-notes-generator.yml
+++ b/.github/workflows/release-notes-generator.yml
@@ -13,7 +13,7 @@ permissions:
 jobs:
   generate-release-notes:
     runs-on: ubuntu-latest
-    if: github.event.workflow_run.conclusion == 'success' && startsWith(github.event.workflow_run.head_branch, 'v')
+    if: github.repository == 'zhom/donutbrowser' && github.event.workflow_run.conclusion == 'success' && startsWith(github.event.workflow_run.head_branch, 'v')
 
     steps:
       - name: Checkout repository
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d56d090..d6dfe9a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,6 +18,7 @@ env:
 
 jobs:
   security-scan:
+    if: github.repository == 'zhom/donutbrowser'
     name: Security Vulnerability Scan
     uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3
     with:
@@ -33,6 +34,7 @@ jobs:
       actions: read
 
   lint-js:
+    if: github.repository == 'zhom/donutbrowser'
     name: Lint JavaScript/TypeScript
     uses: ./.github/workflows/lint-js.yml
     secrets: inherit
@@ -40,6 +42,7 @@ jobs:
       contents: read
 
   lint-rust:
+    if: github.repository == 'zhom/donutbrowser'
     name: Lint Rust
     uses: ./.github/workflows/lint-rs.yml
     secrets: inherit
@@ -47,6 +50,7 @@ jobs:
       contents: read
 
   codeql:
+    if: github.repository == 'zhom/donutbrowser'
     name: CodeQL
     uses: ./.github/workflows/codeql.yml
     secrets: inherit
@@ -57,6 +61,7 @@ jobs:
       actions: read
 
   spellcheck:
+    if: github.repository == 'zhom/donutbrowser'
     name: Spell Check
     uses: ./.github/workflows/spellcheck.yml
     secrets: inherit
@@ -64,6 +69,7 @@ jobs:
       contents: read
 
   release:
+    if: github.repository == 'zhom/donutbrowser'
     needs: [security-scan, lint-js, lint-rust, codeql, spellcheck]
     permissions:
       contents: write
@@ -232,6 +238,7 @@ jobs:
 #          commit_message: "docs: update CHANGELOG.md for ${{ github.ref_name }} [skip ci]"
 
   publish-repos:
+    if: github.repository == 'zhom/donutbrowser'
     needs: [release]
     runs-on: ubuntu-latest
     permissions:
diff --git a/.github/workflows/rolling-release.yml b/.github/workflows/rolling-release.yml
index b16b24b..c05ccb2 100644
--- a/.github/workflows/rolling-release.yml
+++ b/.github/workflows/rolling-release.yml
@@ -17,6 +17,7 @@ env:
 
 jobs:
   security-scan:
+    if: github.repository == 'zhom/donutbrowser'
     name: Security Vulnerability Scan
     uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3
     with:
@@ -32,6 +33,7 @@ jobs:
       actions: read
 
   lint-js:
+    if: github.repository == 'zhom/donutbrowser'
     name: Lint JavaScript/TypeScript
     uses: ./.github/workflows/lint-js.yml
     secrets: inherit
@@ -39,6 +41,7 @@ jobs:
       contents: read
 
   lint-rust:
+    if: github.repository == 'zhom/donutbrowser'
     name: Lint Rust
     uses: ./.github/workflows/lint-rs.yml
     secrets: inherit
@@ -46,6 +49,7 @@ jobs:
       contents: read
 
   codeql:
+    if: github.repository == 'zhom/donutbrowser'
     name: CodeQL
     uses: ./.github/workflows/codeql.yml
     secrets: inherit
@@ -56,6 +60,7 @@ jobs:
       actions: read
 
   spellcheck:
+    if: github.repository == 'zhom/donutbrowser'
     name: Spell Check
     uses: ./.github/workflows/spellcheck.yml
     secrets: inherit
@@ -63,6 +68,7 @@ jobs:
       contents: read
 
   rolling-release:
+    if: github.repository == 'zhom/donutbrowser'
     needs: [security-scan, lint-js, lint-rust, codeql, spellcheck]
     permissions:
       contents: write
@@ -236,6 +242,7 @@ jobs:
           rm -f $RUNNER_TEMP/build_certificate.p12 || true
 
   update-nightly-release:
+    if: github.repository == 'zhom/donutbrowser'
     needs: [rolling-release]
     runs-on: ubuntu-latest
     permissions:
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 43f73f6..d66593d 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -6,6 +6,7 @@ on:
 
 jobs:
   stale:
+    if: github.repository == 'zhom/donutbrowser'
     runs-on: ubuntu-latest
     permissions:
       issues: write