diff --git a/.github/workflows/pr-audit.yml b/.github/workflows/pr-audit.yml
new file mode 100644
index 00000000..6dffe0d3
--- /dev/null
+++ b/.github/workflows/pr-audit.yml
@@ -0,0 +1,27 @@
+name: PR Audit
+
+on:
+ pull_request:
+ types: [labeled]
+
+jobs:
+ gate:
+ if: github.event.label.name == 'cyclops'
+ runs-on: ubuntu-latest
+ outputs:
+ allowed: ${{ steps.check.outputs.allowed }}
+ steps:
+ - id: check
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ PERM=$(gh api "repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission" --jq '.permission')
+ if [ "$PERM" = "admin" ]; then
+ echo "allowed=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ pr-audit:
+ needs: gate
+ if: needs.gate.outputs.allowed == 'true'
+ uses: tempoxyz/gh-actions/.github/workflows/pr-audit.yml@main
+ secrets: inherit
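Review bot: The `pr-audit` job calls `tempoxyz/gh-actions/.github/workflows/pr-audit.yml@main` with `secrets: inherit`, so whatever is on that mutable branch at run time executes with every secret this repository exposes to the workflow. Pin the reusable workflow to a full commit SHA (`uses: tempoxyz/gh-actions/.github/workflows/pr-audit.yml@<full-commit-sha>`) and replace `secrets: inherit` with an explicit `secrets:` map naming only what the audit needs. In the `gate` step, `${{ github.event.sender.login }}` and `${{ github.repository }}` are expanded into the script text before the shell runs; passing them through `env:` (for example `SENDER: ${{ github.event.sender.login }}`) and using `"$SENDER"` in the `gh api` path keeps event data out of the script source. The workflow also declares no `permissions:` block, so the token scope depends on repository defaults; a top-level `permissions:` listing only the read scopes the gate needs would make that explicit.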