diff --git a/projenrc/automerge.ts b/projenrc/automerge.ts
index c1ccd60..cf353d2 100644
--- a/projenrc/automerge.ts
+++ b/projenrc/automerge.ts
@@ -7,16 +7,16 @@ import { javascript } from "projen";
 import { JobPermission } from "projen/lib/github/workflows-model";
 
 /**
- * Merges PRs with the "automerge" label
+ * Enables GitHub's built-in automerge for PRs with the "automerge" label
  */
-export class AutoMerge {
+export class Automerge {
   constructor(project: javascript.NodeProject) {
     const workflow = project.github?.addWorkflow("automerge");
 
     if (!workflow) throw new Error("no workflow defined");
 
     workflow.on({
-      pullRequest: {
+      pullRequestTarget: {
         types: [
           "opened",
           "labeled",
@@ -29,6 +29,7 @@ export class AutoMerge {
 
     (workflow.concurrency as any) = "${{ github.workflow }}-${{ github.ref }}";
 
+    const maintainerStatuses = `fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]')`;
     workflow.addJobs({
       automerge: {
         runsOn: ["ubuntu-latest"],
@@ -39,7 +40,8 @@ export class AutoMerge {
             uses: "actions/checkout@v3",
           },
           {
-            name: "Turn on automerge for this PR",
+            name: "Turn on automerge for this PR by a trusted user or bot",
+            if: `github.event.pull_request.user.login == 'team-tf-cdk' || contains(${maintainerStatuses}, github.event.pull_request.author_association) || github.actor == 'dependabot[bot]`,
             run: "gh pr merge --auto --squash ${{ github.event.pull_request.number }}",
             env: {
               GH_TOKEN: "${{ secrets.PROJEN_GITHUB_TOKEN }}",