diff --git a/.github/actions/check-permissions/action.yml b/.github/actions/check-permissions/action.yml
index 9a3ea6d7f7..4d258d10cf 100644
--- a/.github/actions/check-permissions/action.yml
+++ b/.github/actions/check-permissions/action.yml
@@ -16,11 +16,17 @@ runs:
   steps:
   - uses: actions/github-script@v7
     id: check-permission
+    env:
+      INPUT_MINIMUM-PERMISSION: ${{ inputs.minimum-permission }}
     with:
       script: |
         // Valid permissions are none, read, write, admin (legacy base permissions)
         const permissionsRanking = ["none", "read", "write", "admin"];
 
+        // Note: core.getInput doesn't work by default in a composite action - in this case
+        //       it would try to fetch the input to the github-script instead of the action
+        //       itself. Instead, we set the appropriate magic env var with the actions input.
+        //       See: https://github.com/actions/runner/issues/665
         const minimumPermission = core.getInput('minimum-permission');
         if (!permissionsRanking.includes(minimumPermission)) {
           core.setFailed(`Invalid minimum permission: ${minimumPermission}`);
@@ -40,4 +46,4 @@ runs:
           core.info(`Current actor (${tools.context.actor}) does not have the minimum required permission '${minimumPermission}' (has '${actorPermission}')`);
         } else {
           core.info(`Current actor (${tools.context.actor}) has the minimum required permission '${minimumPermission}' (has '${actorPermission}')`);
-        }
\ No newline at end of file
+        }