diff --git a/.github/workflows/check-arns.yml b/.github/workflows/check-arns.yml
index add5f76..e858080 100644
--- a/.github/workflows/check-arns.yml
+++ b/.github/workflows/check-arns.yml
@@ -12,12 +12,12 @@ jobs:
 - name: Check for exposed ARNs
 run: |
 # Find files containing ARN patterns with actual account IDs
- # Exclude .git directory and this workflow file itself
- if grep -r --include="*" --exclude-dir=".git" --exclude=".github/workflows/check-arns.yml" -E 'arn:aws:[^:]+:[^:]+:[0-9]{12}:' .; then
+ # Exclude .git directory, markdown files, and this workflow file itself
+ if grep -r --include="*" --exclude="*.md" --exclude-dir=".git" --exclude=".github/workflows/check-arns.yml" -E 'arn:aws:[^:]+:[^:]+:[0-9]{12}:' .; then
 echo "ERROR: Found unsanitized ARNs in the repository"
 echo "Please replace account IDs with a placeholder such as "
 echo "Files with exposed ARNs:"
- grep -r --include="*" --exclude-dir=".git" --exclude=".github/workflows/check-arns.yml" -l -E 'arn:aws:[^:]+:[^:]+:[0-9]{12}:' .
+ grep -r --include="*" --exclude="*.md" --exclude-dir=".git" --exclude=".github/workflows/check-arns.yml" -l -E 'arn:aws:[^:]+:[^:]+:[0-9]{12}:' .
 exit 1
 fi
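Review bot: Excluding every `*.md` file from the scan, on both the added `if grep …` line and the added `grep -l …` listing line, takes READMEs and docs out of the check entirely, which is exactly where real account IDs tend to be pasted, so a leak in a markdown file is now accepted without any error. If the intent is to allow example ARNs in documentation, keep markdown in scope and exempt only a recognised placeholder account such as the one AWS uses in its own docs, e.g. pipe the matches through `grep -v -E 'arn:aws:[^:]+:[^:]+:123456789012:'`, so any other 12-digit ID still fails the job. Separately, `--exclude=".github/workflows/check-arns.yml"` never takes effect during a recursive search because GNU grep matches `--exclude` globs against the base name, so it should be `--exclude="check-arns.yml"`; this is harmless today only because the regex text itself contains no 12-digit run. Adding `-I` to both grep invocations would also stop binary files from being reported as matches.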