diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index 5ae39774..283294bd 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -14,8 +14,8 @@ permissions:
 jobs:
 auto-merge:
 runs-on: ubuntu-latest
- # Only run for Dependabot PRs
- if: github.actor == 'dependabot[bot]'
+ # Only run for Dependabot PRs on the upstream repository (not forks)
+ if: github.actor == 'dependabot[bot]' && github.repository == 'openshift/backplane-cli'
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
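Review bot: `github.actor` in the new `if:` is the account that triggered this run, not the account that opened the PR, so the condition does not by itself establish that the PR being merged was authored by Dependabot. GitHub's own Dependabot automation examples gate on the PR author instead: `if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'openshift/backplane-cli'`. The workflow's `on:` trigger and the `permissions:` block are outside this hunk, so how much the weaker check matters depends on them; that is worth confirming before this job is relied on to merge unattended.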
@@ -50,8 +50,30 @@ jobs:
 echo "Previous version: ${{ steps.metadata.outputs.previous-version }}"
 echo "New version: ${{ steps.metadata.outputs.new-version }}"
- # Enable auto-merge with merge commit strategy
- gh pr merge --auto --merge "${{ github.event.pull_request.number }}"
+ # Enable auto-merge using GitHub API (token is automatically masked in logs)
+ response=$(curl -s -w "%{http_code}" -o /tmp/response.json \
+ -X PUT \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer $GH_TOKEN" \
+ "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/merge" \
+ -d '{"merge_method":"merge"}')
+
+ if [[ "$response" -eq 200 ]]; then
+ echo "✅ Auto-merge enabled successfully"
+ cat /tmp/response.json
+ else
+ echo "❌ Failed to enable auto-merge. HTTP status: $response"
+ echo "Response body:"
+ cat /tmp/response.json
+ echo "::warning::Could not enable auto-merge due to permissions. PR labeled for manual review."
+
+ # Add a comment to the PR explaining the situation (token is automatically masked)
+ curl -s -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer $GH_TOKEN" \
+ "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
+ -d '{"body":"🤖 **Dependabot Auto-Merge Status**\n\nThis PR meets the criteria for auto-merge but could not be automatically merged due to repository permissions.\n\n**Details:**\n- Update type: ${{ steps.metadata.outputs.update-type }}\n- Dependencies: ${{ steps.metadata.outputs.dependency-names }}\n- Previous version: ${{ steps.metadata.outputs.previous-version }}\n- New version: ${{ steps.metadata.outputs.new-version }}\n\nPlease review and merge manually if appropriate."}'
+ fi
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
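Review bot: The `PUT .../pulls/<number>/merge` request merges the PR immediately; it does not enable auto-merge as the new comment and the success message say, so unlike the removed `gh pr merge --auto` it will not wait for pending checks unless branch protection makes them required. If an immediate merge is intended, the request body should carry `sha` set to `github.event.pull_request.head.sha`, so the API refuses to merge a head that changed after this run evaluated it, and the comment and log text should say "merge". The comment payload also splices `steps.metadata.outputs.*` straight into a single-quoted shell string, so a value containing a quote breaks both the shell quoting and the JSON; passing the values through `env:` and building the body with `jq` avoids that. The failure branch blames permissions for every non-200 status, although the endpoint also returns other codes (for example when the PR is not mergeable). The `run:` block starts above this hunk; the sketch below covers only the rewritten parts.

```yaml
          # … unchanged: echo of the update metadata …
          # Merge only the commit this run evaluated; the API rejects a head that has moved.
          merge_body=$(jq -n --arg sha "$HEAD_SHA" '{merge_method: "merge", sha: $sha}')
          response=$(curl -s -w "%{http_code}" -o /tmp/response.json \
            -X PUT \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GH_TOKEN" \
            "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER/merge" \
            -d "$merge_body")
          # … unchanged: status check, logging and warning …
            # jq escapes the metadata values, so they cannot break the JSON or the shell quoting.
            comment_body=$(jq -n \
              --arg update_type "$UPDATE_TYPE" \
              --arg deps "$DEPENDENCY_NAMES" \
              --arg previous "$PREVIOUS_VERSION" \
              --arg current "$NEW_VERSION" \
              '{body: "🤖 **Dependabot Auto-Merge Status**\n\nThis PR meets the criteria for auto-merge but could not be automatically merged due to repository permissions.\n\n**Details:**\n- Update type: \($update_type)\n- Dependencies: \($deps)\n- Previous version: \($previous)\n- New version: \($current)\n\nPlease review and merge manually if appropriate."}')
            curl -s -X POST \
              -H "Accept: application/vnd.github+json" \
              -H "Authorization: Bearer $GH_TOKEN" \
              "https://api.github.com/repos/$REPO/issues/$PR_NUMBER/comments" \
              -d "$comment_body"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
          DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
          PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }}
          NEW_VERSION: ${{ steps.metadata.outputs.new-version }}
```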