diff --git a/README.md b/README.md
index b0f6224..64dc025 100644
--- a/README.md
+++ b/README.md
@@ -311,8 +311,17 @@ jobs:
           git commit -m "generated"
           git push
 ```
+
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
 
+# Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```
 
 # License
 
diff --git a/src/git-auth-helper.ts b/src/git-auth-helper.ts
index 126e8e5..79c87fb 100644
--- a/src/git-auth-helper.ts
+++ b/src/git-auth-helper.ts
@@ -67,7 +67,7 @@ class GitAuthHelper {
     this.insteadOfValues.push(`git@${serverUrl.hostname}:`)
     if (this.settings.workflowOrganizationId) {
       this.insteadOfValues.push(
-        `org-${this.settings.workflowOrganizationId}@github.com:`
+        `org-${this.settings.workflowOrganizationId}@${serverUrl.hostname}:`
       )
     }
   }