documentation: emphasize the head of a pull request is not trusted

README.md

@@ -51,8 +51,11 @@ It is recommended that a dedicated user is used to create
 `destination-token` and that `destination-fork-repo` is always used
 unless the users who are able to create pull requests are trusted.
 
-When the PR is from a forked repository, the `update` script is checked out from
+When the PR is from a forked repository, the `update` script is run
-the default branch instead of the head branch of the fork.
+from the default branch of the base repository instead of the head
+branch of the fork. The pull request author must not be trusted
+and it is imperative that the `update` script never runs anything
+found in the head branch of the pull request.
 
 If the fork of the destination repository is specified and it does
 not exist, it is created.

action.yml

@@ -50,8 +50,11 @@ description: |
   `destination-token` and that `destination-fork-repo` is always used
   unless the users who are able to create pull requests are trusted.
 
-  When the PR is from a forked repository, the `update` script is checked out from
+  When the PR is from a forked repository, the `update` script is run
-  the default branch instead of the head branch of the fork.
+  from the default branch of the base repository instead of the head
+  branch of the fork. The pull request author must not be trusted
+  and it is imperative that the `update` script never runs anything
+  found in the head branch of the pull request.
 
   If the fork of the destination repository is specified and it does
   not exist, it is created.