Update content/actions/how-tos/security-for-github-actions/security-guides/security-hardening-for-github-actions.md

Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
Co-authored-by: Will Slattum <wrslatz@gmail.com>

Author: 3 people

content/actions/how-tos/security-for-github-actions/security-guides/security-hardening-for-github-actions.md

@@ -178,7 +178,7 @@ There are a number of different approaches available to help you mitigate the ri
 
 ### Avoid potentially dangerous workflow triggers
 
-Avoid using the `pull_request_target` and `workflow_run` workflow triggers if not necessary. Only use these workflow triggers when the workflow actually needs the privileged context and access from the target repo to be available in the workflow.
+Avoid using the `pull_request_target` workflow trigger if not necessary. Prefer using `workflow_run` for privilege separation between workflows as described in [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests). Only use these workflow triggers when the workflow actually needs the privileged context.
 
 ### Do not use the `pull_request_target` and `workflow_run` workflow triggers with untrusted content