diff --git a/.github/workflows/plugin-release.yaml b/.github/workflows/plugin-release.yaml
index 271ea55..da8e6fc 100644
--- a/.github/workflows/plugin-release.yaml
+++ b/.github/workflows/plugin-release.yaml
@@ -34,12 +34,33 @@ concurrency:
   cancel-in-progress: false
 
 jobs:
+  check-secrets:
+    runs-on: runners-privilegedescalation
+    outputs:
+      ready: ${{ steps.check.outputs.ready }}
+    steps:
+      - name: Verify RELEASE_APP_ID is configured
+        id: check
+        env:
+          RELEASE_APP_ID: ${{ secrets.RELEASE_APP_ID }}
+        run: |
+          if [ -z "$RELEASE_APP_ID" ]; then
+            echo "::notice::RELEASE_APP_ID org secret is not configured (see PRI-380). Release skipped — no artifacts will be created."
+            echo "ready=false" >> $GITHUB_OUTPUT
+          else
+            echo "ready=true" >> $GITHUB_OUTPUT
+          fi
+
   ci:
+    needs: check-secrets
+    if: needs.check-secrets.outputs.ready == 'true'
     uses: ./.github/workflows/plugin-ci.yaml
     with:
       node-version: ${{ inputs.node-version }}
 
   check-tag:
+    needs: check-secrets
+    if: needs.check-secrets.outputs.ready == 'true'
     runs-on: runners-privilegedescalation
     outputs:
       skip: ${{ steps.check.outputs.skip }}
@@ -58,8 +79,8 @@ jobs:
           fi
 
   release:
-    needs: [ci, check-tag]
-    if: needs.check-tag.outputs.skip != 'true'
+    needs: [ci, check-tag, check-secrets]
+    if: needs.check-secrets.outputs.ready == 'true' && needs.check-tag.outputs.skip != 'true'
     runs-on: runners-privilegedescalation
     timeout-minutes: 10