diff --git a/ql/lib/codeql/actions/security/UntrustedCheckoutQuery.qll b/ql/lib/codeql/actions/security/UntrustedCheckoutQuery.qll
index 12a65a52baa..9668fce2ae0 100644
--- a/ql/lib/codeql/actions/security/UntrustedCheckoutQuery.qll
+++ b/ql/lib/codeql/actions/security/UntrustedCheckoutQuery.qll
@@ -245,7 +245,8 @@ class ActionsMutableRefCheckout extends MutableRefCheckoutStep instanceof UsesSt
 |
 expr.(StepsExpression).getStepId() = value
 or
- expr.(SimpleReferenceExpression).getFieldName() = value
+ expr.(SimpleReferenceExpression).getFieldName() = value and
+ not expr instanceof GitHubExpression
 or
 expr.(NeedsExpression).getNeededJobId() = value
 or
@@ -279,7 +280,8 @@ class ActionsSHACheckout extends SHACheckoutStep instanceof UsesStep {
 |
 expr.(StepsExpression).getStepId() = value
 or
- expr.(SimpleReferenceExpression).getFieldName() = value
+ expr.(SimpleReferenceExpression).getFieldName() = value and
+ not expr instanceof GitHubExpression
 or
 expr.(NeedsExpression).getNeededJobId() = value
 or
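Review bot: The new `not expr instanceof GitHubExpression` conjunct in the `SimpleReferenceExpression` disjunct of `ActionsMutableRefCheckout` (and the identical one in `ActionsSHACheckout`) narrows what this untrusted-checkout query matches without saying why, so a later reader cannot tell a deliberate false-positive fix from an accidental false negative. Add a comment above it such as `// GitHubExpression refs are excluded here: matching them by field name alone gave spurious hits` (adjusted to the actual reason), and, if the existing tests do not cover it, a test workflow confirming that a checkout of a PR-controlled ref taken directly from a GitHub context expression is still reported by some other branch of the predicate. Since `and` binds tighter than `or` in QL the logic reads as presumably intended, but wrapping the two conjuncts in parentheses would make that obvious inside this long `or` chain. Both predicates start and end outside their hunks, so whether another disjunct still covers GitHub context expressions cannot be confirmed from the lines shown.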