diff --git a/README.md b/README.md
index 8865144..d071da3 100644
--- a/README.md
+++ b/README.md
@@ -85,6 +85,23 @@ jobs:
 update: ./upgrade-lxc-helpers
 ```
 
+# Pull requests from forked repositories
+
+When `cascading-pr` runs as a consequence of pull request from a
+forked repository, the workflow must be triggered by a `pull_request_target`
+event otherwise it will not have access to secrets.
+
+# Prevent privilege escalation
+
+When `cascading-pr` runs as a consequence of a pull request from a
+repository forked from `orgin-repo`, it should create a pull request
+from a forked repository of `destination-repo` by specifying the
+`destination-fork-repo`.
+
+If the `destination-fork-repo` repository does not exist, it will be
+created as a fork of the `destination-repo` repository, using
+`destination-token`.
+
 # Hacking
 
 The test environment consists of the following (all users password is admin1234)
diff --git a/tests/run.sh b/tests/run.sh
index cac5bb9..4e96038 100755
--- a/tests/run.sh
+++ b/tests/run.sh
@@ -356,10 +356,14 @@ function run() {
 }
 
 function integration() {
- run create_in_destination_fork_and_close
 run no_change_no_cascade_pr
+ run create_in_destination_fork_and_close
+ run create_and_close
 run create_from_origin_fork_and_close
- run create_and_close create_and_merge
+ run create_and_merge
+ run create_in_destination_fork_and_close
+ run create_in_existing_destination_fork_and_close
+ run create_in_organization_destination_fork_and_close
 run create_and_merge_close
 }
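Review bot: `run create_in_destination_fork_and_close` now appears twice in `integration()`, once after `no_change_no_cascade_pr` and again after `create_and_merge`, and nothing in the hunk says why. If the second run is meant to cover a fork left behind by the first, that looks like the job of `create_in_existing_destination_fork_and_close`, so either drop one call or add a comment such as `# repeated on purpose: the fork from the earlier run must be reused`. These cases appear to be the coverage for the fork isolation the README describes under "Prevent privilege escalation". A negative case would be worth adding, asserting that a pull request from an origin fork never ends up as a branch pushed to `destination-repo` itself with `destination-token`; none is visible here, though the test bodies are outside the hunk.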