diff --git a/.github/steps/2-tbd.md b/.github/steps/2-tbd.md
index 6916c11..ec2a0fc 100644
--- a/.github/steps/2-tbd.md
+++ b/.github/steps/2-tbd.md
@@ -20,6 +20,7 @@ In the last step, you enabled secret scanning on the repository and committed an
 This page contains the list of secret scanning alerts. You can filter and sort this page based on criteria such as the alert state (open or closed), validity, and secret type. You will see two different alerts listed here.
  - **Amazon AWS Secret Access Key**: This is the access key you committed in the last step
  - **Amazon AWS Access Key ID**: This is the key ID committed in the last step
+ - **GitHub Personal Access Token**: This token was already in the `credentials.yml`before you got started
 
 ### :keyboard: Activity 2: Review a secret scanning alert