diff --git a/.github/workflows/deploy-test-environment.yml b/.github/workflows/deploy-test-environment.yml
index 62a4d018d48d8a8ea3717a0813fd3125ea2fe5fb..7f58654f3351cc640c5faf6149f08898f5fa7007 100644
--- a/.github/workflows/deploy-test-environment.yml
+++ b/.github/workflows/deploy-test-environment.yml
@@ -23,16 +23,35 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/preview')
     outputs:
+      is-allowed-user: ${{ steps.check-allowed-users.outputs.is-allowed-user }}
       pr-ref: ${{ steps.get-ref.outputs.pr-ref }}
       wait_time: ${{ steps.get-wait-time.outputs.wait_time }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Check allowed users
+        id: check-allowed-users
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ORG_ID: ${{ github.repository_owner_id }}
+          COMMENT_AUTHOR: ${{ github.event.comment.user.login }}
+        run: |
+          MEMBERSHIP_STATUS=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \
+          -H "Accept: application/vnd.github+json" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          "https://api.github.com/organizations/$ORG_ID/public_members/$COMMENT_AUTHOR" \
+          -o /dev/null -w '%{http_code}\n' -s)
+          if [ "$MEMBERSHIP_STATUS" -eq 204 ]; then
+            echo "is-allowed-user=true" > $GITHUB_OUTPUT
+          else
+            echo "is-allowed-user=false" > $GITHUB_OUTPUT
+          fi
+
       - name: Get PR ref
         id: get-ref
         env:
-          GH_TOKEN: ${{ github.token }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           PR_NUMBER=$(jq --raw-output .issue.number $GITHUB_EVENT_PATH)
           PR_REF=$(gh pr view $PR_NUMBER --json headRefName -q '.headRefName')
@@ -40,13 +59,15 @@ jobs:
 
       - name: Extract wait time
         id: get-wait-time
+        env:
+          COMMENT_BODY: ${{ github.event.comment.body }}
         run: |
-          COMMENT_BODY="${{ github.event.comment.body }}"
           WAIT_TIME=$(echo "$COMMENT_BODY" | grep -oP '(?<=/preview\s)\d+' || echo "1800")
           echo "wait_time=$WAIT_TIME" > $GITHUB_OUTPUT
 
   deploy-test-environment-pr-comment:
     needs: get-pr-ref
+    if: needs.get-pr-ref.outputs.is-allowed-user == 'true'
     uses: joinmisskey/misskey-tga/.github/workflows/deploy-test-environment.yml@main
     with:
       repository: ${{ github.repository }}