
Summary
This rule monitors GitHub Actions workflows that are triggered by cross-fork pull requests. It uses GitHub Webhook logs to identify a workflow run requested for a pull request whose head branch lives in a fork of the repository rather than in the repository itself. The rule evaluates the workflow run details: the triggering event type (e.g., pull_request or push), the run status, and the run conclusion. Its purpose is to provide visibility into workflow executions from forks, since code contributed from a fork runs inside the repository's CI/CD pipeline and could be used to attempt unauthorized access or changes. The rule carries the CI/CD and Workflow tags and has an informational severity level: it is intended to build a baseline of fork-triggered activity for review and correlation rather than to raise high-priority alerts.
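The detection logic described above, as an added example that is not the rule's own query or any project's code. It runs over a handful of constructed webhook records (not real deliveries) whose field layout follows GitHub's workflow_run event: the cross-fork test compares workflow_run.head_repository.full_name with repository.full_name, and event, status and conclusion are read from the workflow_run object. The x_github_event key is an assumption: GitHub sends the event name in the X-GitHub-Event header, and the sample assumes the logging pipeline has folded that header into the record. The pull_request_target trigger is flagged separately because such runs execute with the base repository's secrets, which makes a fork-triggered run of that kind the higher-risk case.

```python
# Constructed sample webhook records (not real GitHub deliveries).
# Only the fields the detection needs are included.
SAMPLE_EVENTS = [
    {   # cross-fork PR, run requested -> should match
        "x_github_event": "workflow_run", "action": "requested",
        "repository": {"full_name": "acme/app"},
        "workflow_run": {"name": "ci", "event": "pull_request", "status": "queued",
                         "conclusion": None,
                         "head_repository": {"full_name": "outsider/app"},
                         "pull_requests": [{"number": 42}]},
    },
    {   # same-repo PR branch -> no match
        "x_github_event": "workflow_run", "action": "requested",
        "repository": {"full_name": "acme/app"},
        "workflow_run": {"name": "ci", "event": "pull_request", "status": "queued",
                         "conclusion": None,
                         "head_repository": {"full_name": "acme/app"},
                         "pull_requests": [{"number": 43}]},
    },
    {   # cross-fork PR on pull_request_target, completed -> match, secrets exposed
        "x_github_event": "workflow_run", "action": "completed",
        "repository": {"full_name": "acme/app"},
        "workflow_run": {"name": "label-pr", "event": "pull_request_target",
                         "status": "completed", "conclusion": "success",
                         "head_repository": {"full_name": "outsider/app"},
                         "pull_requests": [{"number": 44}]},
    },
    {   # push to the base repo -> no match
        "x_github_event": "workflow_run", "action": "requested",
        "repository": {"full_name": "acme/app"},
        "workflow_run": {"name": "release", "event": "push", "status": "queued",
                         "conclusion": None,
                         "head_repository": {"full_name": "acme/app"},
                         "pull_requests": []},
    },
    {   # head repository deleted after the run -> no match, must not crash
        "x_github_event": "workflow_run", "action": "completed",
        "repository": {"full_name": "acme/app"},
        "workflow_run": {"name": "ci", "event": "pull_request", "status": "completed",
                         "conclusion": "failure", "head_repository": None,
                         "pull_requests": []},
    },
    {   # a different webhook event type -> ignored
        "x_github_event": "pull_request", "action": "opened",
        "repository": {"full_name": "acme/app"},
    },
]

# Triggers that carry code from a pull request into the workflow.
WATCHED_TRIGGERS = {"pull_request", "pull_request_target"}


def is_cross_fork(record):
    """True when the run's head repository differs from the repository
    that received the webhook. A missing head_repository (deleted fork)
    cannot be classified and is treated as not cross-fork."""
    run = record.get("workflow_run") or {}
    head = (run.get("head_repository") or {}).get("full_name")
    base = (record.get("repository") or {}).get("full_name")
    if not head or not base:
        return False
    return head.lower() != base.lower()


def detect_cross_fork_workflow_runs(records, watched=WATCHED_TRIGGERS):
    """Return one finding per workflow_run record whose trigger is in
    `watched` and whose head branch lives in a fork."""
    findings = []
    for rec in records:
        if rec.get("x_github_event") != "workflow_run":
            continue
        run = rec["workflow_run"]
        if run.get("event") not in watched or not is_cross_fork(rec):
            continue
        findings.append({
            "repo": rec["repository"]["full_name"],
            "fork": run["head_repository"]["full_name"],
            "workflow": run.get("name"),
            "trigger": run["event"],
            "action": rec.get("action"),
            "status": run.get("status"),
            "conclusion": run.get("conclusion"),
            "pull_requests": [pr["number"] for pr in run.get("pull_requests", [])],
            # pull_request_target runs in the base repo context with its secrets
            "base_secrets_available": run["event"] == "pull_request_target",
        })
    return findings


if __name__ == "__main__":
    for f in detect_cross_fork_workflow_runs(SAMPLE_EVENTS):
        print(f)
```

The comparison is case-insensitive because GitHub repository names are; a rule that compares raw strings would miss a fork whose owner name differs only in case. Keeping both "requested" and "completed" actions lets the same logic produce a record when the run is queued (earliest visibility) and again when status and conclusion are final (for correlation).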
Categories
- Cloud
- Web
- Application
Data Sources
- Web Credential
- Application Log
- Process
ATT&CK Techniques
- T1195.002
- T1072
- T1134
Created: 2025-11-13