diff --git a/docs/docs/20-usage/72-extensions/index.md b/docs/docs/20-usage/72-extensions/index.md
index 4f66dd288f..0c85187bf7 100644
--- a/docs/docs/20-usage/72-extensions/index.md
+++ b/docs/docs/20-usage/72-extensions/index.md
@@ -8,6 +8,10 @@ There is currently one type of extension available:
 - [Registry extension](./50-registry-extension.md) to get registry credentials from the extension.
 - [Secret extension](./55-secret-extension.md) to get secrets from an external service.
 
+:::note
+Woodpecker's permission handling is linked to the forge. A user on your forge that has admin access to the repo will also get admin permissions for the repository in Woodpecker and can then change the configured extensions. This could be used to get credentials of the forge user. Make sure you trust the repo admins that can sign in to Woodpecker.
+:::
+
 ## Security
 
 :::warning
diff --git a/docs/docs/20-usage/75-project-settings.md b/docs/docs/20-usage/75-project-settings.md
index 170997b30d..0a73cb19c1 100644
--- a/docs/docs/20-usage/75-project-settings.md
+++ b/docs/docs/20-usage/75-project-settings.md
@@ -4,6 +4,10 @@ As the owner of a project in Woodpecker you can change project related settings
 
 ![project settings](./project-settings.png)
 
+:::note
+Woodpecker's permission handling is linked to the forge. A user on your forge that has admin access to the repo will also get admin permissions for the repository in Woodpecker and can then change the settings here.
+:::
+
 ## Pipeline path
 
 The path to the pipeline config file or folder. By default it is left empty which will use the following configuration resolution `.woodpecker/*.{yaml,yml}` -> `.woodpecker.yaml` -> `.woodpecker.yml`. If you set a custom path Woodpecker tries to load your configuration or fails if no configuration could be found at the specified location. To use a [multiple workflows](./25-workflows.md) with a custom path you have to change it to a folder path ending with a `/` like `.woodpecker/`.