diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml index 0efc012e9a844..550fe96592c88 100644 --- a/.github/workflows/validate-kernel-commits.yml +++ b/.github/workflows/validate-kernel-commits.yml @@ -14,15 +14,16 @@ jobs: timeout-minutes: 120 steps: - - name: Checkout PR branch + - name: Checkout base branch uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.head_ref }} + ref: ${{ github.base_ref }} - - name: Checkout base branch + - name: Fetch PR branch run: | - git fetch origin ${{ github.base_ref }}:${{ github.base_ref }} + git fetch "${{ github.event.pull_request.head.repo.clone_url }}" "${{ github.head_ref }}" + echo "HEAD_SHA=$(git rev-parse FETCH_HEAD)" >> "$GITHUB_ENV" - name: Checkout kernel-src-tree-tools uses: actions/checkout@v4 @@ -44,7 +45,7 @@ jobs: set -o pipefail # Capture exit code from python script, not tee python3 check_kernel_commits.py \ --repo .. \ - --pr_branch "${{ github.head_ref }}" \ + --pr_branch "$HEAD_SHA" \ --base_branch "${{ github.base_ref }}" \ --markdown \ --check-cves | tee ../ckc_result.txt @@ -82,7 +83,7 @@ jobs: run: | if ! gh pr comment ${{ github.event.pull_request.number }} \ --body-file ckc_result.txt \ - --repo ${{ github.repository }}; then + --repo "${{ github.repository }}"; then echo "❌ Failed to post check-kernel-commits comment to PR" exit 1 fi @@ -108,7 +109,7 @@ jobs: set -o pipefail # Capture exit code from python script, not tee python3 run_interdiff.py \ --repo .. \ - --pr_branch "${{ github.head_ref }}" \ + --pr_branch "$HEAD_SHA" \ --base_branch "${{ github.base_ref }}" \ --markdown \ --interdiff ../patchutils/src/interdiff | tee ../interdiff_result.txt 
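Review bot: The new `git fetch "${{ github.event.pull_request.head.repo.clone_url }}" "${{ github.head_ref }}"` line in the "Fetch PR branch" step splices a fork-controlled branch name straight into the shell script; the double quotes are part of the script text, not a barrier, because the expression is expanded before bash runs, so a branch name containing `"`, `$(` or a backtick is executed with the job's token. Pass attacker-influenced values through `env:` and reference them as `$VAR`, and fetch `github.event.pull_request.head.sha` rather than the branch name so HEAD_SHA is the commit the event describes instead of whatever the branch points at when the step runs. The same quoted-expression pattern appears in the `--base_branch "${{ github.base_ref }}"` lines of hunks @@ -44 and @@ -108, in `--merge-target "${{ github.base_ref }}"` of hunk @@ -176, and in `--repo "${{ github.repository }}"` of hunks @@ -82, @@ -146 and @@ -212; those values come from the base repository and are lower risk, but the env form is the consistent fix. Note also that `head.repo` is presumably null when the fork has been deleted, in which case the fetch URL expands empty and the job fails at this step.
```yaml
- name: Fetch PR branch
  env:
    PR_CLONE_URL: ${{ github.event.pull_request.head.repo.clone_url }}
    PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
  run: |
    git fetch "$PR_CLONE_URL" "$PR_HEAD_SHA"
    echo "HEAD_SHA=$PR_HEAD_SHA" >> "$GITHUB_ENV"
# … unchanged: Checkout kernel-src-tree-tools and later steps …
```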
@@ -146,23 +147,35 @@ jobs: run: | if ! gh pr comment ${{ github.event.pull_request.number }} \ --body-file interdiff_result.txt \ - --repo ${{ github.repository }}; then + --repo "${{ github.repository }}"; then echo "❌ Failed to post interdiff comment to PR" exit 1 fi + - name: Determine if JIRA PR check should run + id: should_check_jira + run: | + if [ "${{ github.event.pull_request.head.repo.full_name }}" = "${{ github.repository }}" ]; then + echo "result=true" >> $GITHUB_OUTPUT + else + echo "result=false" >> $GITHUB_OUTPUT + fi + - name: Install JIRA PR Check dependencies + if: steps.should_check_jira.outputs.result == 'true' run: | python -m pip install --upgrade pip pip install jira - name: Mask JIRA credentials + if: steps.should_check_jira.outputs.result == 'true' run: | echo "::add-mask::${{ secrets.JIRA_API_TOKEN }}" echo "::add-mask::${{ secrets.JIRA_API_USER }}" echo "::add-mask::${{ secrets.JIRA_URL }}" - name: Run JIRA PR Check + if: steps.should_check_jira.outputs.result == 'true' id: jira_check continue-on-error: true # Allow PR comments to be posted before failing workflow env: @@ -176,8 +189,8 @@ jobs: set +e # Don't exit on error, we want to capture the output OUTPUT=$(python3 jira_pr_check.py \ --kernel-src-tree .. \ - --merge-target ${{ github.base_ref }} \ - --pr-branch ${{ github.head_ref }} 2>&1) + --merge-target "${{ github.base_ref }}" \ + --pr-branch "$HEAD_SHA" 2>&1) EXIT_CODE=$? # Filter out any potential credential leaks from output 
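Review bot: The added "Determine if JIRA PR check should run" step does a string comparison in bash that the expression language can do directly, and it interpolates the fork's `head.repo.full_name` into the script on the way; the whole step can be `run: echo "result=${{ github.event.pull_request.head.repo.full_name == github.repository }}" >> "$GITHUB_OUTPUT"`, which yields a plain `true`/`false` with nothing attacker-shaped reaching the shell. Alternatively drop the step and put `if: github.event.pull_request.head.repo.full_name == github.repository` on each JIRA step. The two `>> $GITHUB_OUTPUT` redirects are also unquoted while the new `>> "$GITHUB_ENV"` in the fetch step is quoted; pick one convention. Gating the JIRA steps on a same-repo head is the right call given the secrets masked below, since a fork PR's commits would otherwise drive a step with those credentials in scope.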
@@ -212,29 +225,29 @@ jobs: exit $EXIT_CODE - name: Comment PR with JIRA issues - if: steps.jira_check.outputs.has_issues == 'true' + if: steps.should_check_jira.outputs.result == 'true' && steps.jira_check.outputs.has_issues == 'true' env: GH_TOKEN: ${{ github.token }} run: | if ! gh pr comment ${{ github.event.pull_request.number }} \ --body "${{ steps.jira_check.outputs.output }}" \ - --repo ${{ github.repository }}; then + --repo "${{ github.repository }}"; then echo "❌ Failed to post JIRA check comment to PR" exit 1 fi - name: Request changes if LTS mismatch - if: steps.jira_check.outputs.has_lts_mismatch == 'true' + if: steps.should_check_jira.outputs.result == 'true' && steps.jira_check.outputs.has_lts_mismatch == 'true' env: GH_TOKEN: ${{ github.token }} run: | gh pr review ${{ github.event.pull_request.number }} \ --request-changes \ --body "⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch." \ - --repo ${{ github.repository }} + --repo "${{ github.repository }}" - name: Fail workflow if JIRA errors found - if: steps.jira_check.outcome == 'failure' + if: steps.should_check_jira.outputs.result == 'true' && steps.jira_check.outcome == 'failure' run: | echo "❌ JIRA PR check failed - errors were found in one or more commits" exit 1
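Review bot: The `steps.should_check_jira.outputs.result == 'true' &&` prefix added to the three `if:` conditions is redundant: when the gate is false the `jira_check` step is skipped, its outputs are empty (so `has_issues`/`has_lts_mismatch` can never equal `'true'`) and its `outcome` is `skipped`, not `failure`, so each original condition already evaluates false. Keeping the shorter `if: steps.jira_check.outputs.has_issues == 'true'` form (and likewise for the other two) avoids a second place to update when the gate logic changes. Separately, the unchanged `--body "${{ steps.jira_check.outputs.output }}"` line in the comment step feeds script output — which appears to be derived from commit text — into the shell via the same quoted-expression pattern; `env: BODY: ${{ steps.jira_check.outputs.output }}` with `--body "$BODY"` would be the safer shape, even though the new gate limits this to same-repo authors.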