diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index c25ed46d..309ba086 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -27,4 +27,50 @@ jobs:
         run: npm install
 
       - name: NPM Build
-        run: SERVER_ROOT=https://playground.accordproject.org && NODE_OPTIONS=--max_old_space_size=8192 npm run build
\ No newline at end of file
+        run: SERVER_ROOT=https://playground.accordproject.org && NODE_OPTIONS=--max_old_space_size=8192 npm run build
+  
+  check-sensitive-files:
+    name: Check for Sensitive Files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Get Changed Files
+        id: get_changed_files
+        uses: tj-actions/changed-files@v45
+
+      - name: Check for Unauthorized Changes
+        run: |
+          RESTRICTED_FILES=(
+            ".github/workflows/"
+            "package.json"
+            "package-lock.json"
+            "Dockerfile"
+            "docker-compose.yml"
+            ".env.example"
+          )
+
+          UNAUTHORIZED_CHANGES=""
+
+          for file in ${{ steps.get_changed_files.outputs.all_changed_files }}; do
+            for restricted in "${RESTRICTED_FILES[@]}"; do
+              if [[ "$file" == *"$restricted"* ]]; then
+                echo "❌ Unauthorized change detected: $file"
+                UNAUTHORIZED_CHANGES="$UNAUTHORIZED_CHANGES\n$file"
+              fi
+            done
+          done
+
+          if [[ ! -z "$UNAUTHORIZED_CHANGES" ]]; then
+            echo -e "⛔ Unauthorized changes detected in:\n$UNAUTHORIZED_CHANGES"
+            exit 1
+          else
+            echo "✅ No unauthorized changes detected. Proceeding..."
+          fi
+        shell: bash
+
+
+
+
+      
\ No newline at end of file