diff --git a/resolve-environment/action.yml b/resolve-environment/action.yml
index d92f9e78d3..188e5fd174 100644
--- a/resolve-environment/action.yml
+++ b/resolve-environment/action.yml
@@ -3,7 +3,7 @@ description: '[Experimental] Attempt to infer a build environment suitable for a
 author: 'GitHub'
 inputs:
   token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
     required: false
     default: ${{ github.token }}
   matrix:
diff --git a/start-proxy/action.yml b/start-proxy/action.yml
index a5bb5fc5f4..14d2cd1f89 100644
--- a/start-proxy/action.yml
+++ b/start-proxy/action.yml
@@ -10,7 +10,7 @@ inputs:
     description: Base64 encoded JSON configuration for the URLs and credentials of the package registries
     required: false
   token:
-    description: GitHub token to use for authenticating with this instance of GitHub, used to upload debug artifacts.
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
     default: ${{ github.token }}
     required: false
   language: