diff --git a/.gitea/workflows/pr-check.yml b/.gitea/workflows/pr-check.yml
index d09ca0a..fba94e6 100644
--- a/.gitea/workflows/pr-check.yml
+++ b/.gitea/workflows/pr-check.yml
@@ -112,12 +112,14 @@ jobs:
UV_NO_PROGRESS: "1"
run: |
uv pip compile pyproject.toml --no-deps -o requirements-prod.txt
- uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
- if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
- echo "❌ Found vulnerabilities"
+ # pip-audit returns exit code 1 if vulnerabilities found, 0 if none
+ if uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt; then
+ echo "✅ No vulnerabilities found"
+ rm -f audit-results.json
+ else
+ echo "❌ Found vulnerabilities - see security-audit artifact"
exit 1
fi
- echo "✅ No vulnerabilities found"
- name: Upload audit log
uses: actions/upload-artifact@v3
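Review bot: The new `else` branch treats every non-zero exit from `uv run pip-audit` as "Found vulnerabilities - see security-audit artifact", but pip-audit (or `uv run` itself) also exits non-zero when it cannot complete — vulnerability index unreachable, unparseable requirements, tool not installed — and in those cases `audit-results.json` is typically never written, so the message points at an artifact that does not exist and a transient outage is logged as a finding. Failing closed is the right default (an improvement over the removed `|| true`), but the two cases should be told apart by checking whether the results file was produced, and the comment on the first added line should say that other failures are non-zero too. The step header and the artifact-upload step that consumes `audit-results.json` are outside this hunk; since the success branch now deletes the file, that upload step presumably needs `if-no-files-found: ignore` or a condition, or it will warn on every clean run — worth confirming. Unrelated to the changed lines but visible in context: `uv pip compile --no-deps` emits only top-level requirements, so transitive dependencies appear not to be audited at all.
```yaml
# pip-audit exits 0 when clean and 1 when vulnerabilities are found, but other
# failures (index unreachable, bad requirements, tool missing) are also non-zero
# and usually leave no results file — distinguish them instead of mislabelling.
if uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt; then
  echo "✅ No vulnerabilities found"
  rm -f audit-results.json
elif [ -s audit-results.json ]; then
  echo "❌ Found vulnerabilities - see security-audit artifact"
  exit 1
else
  echo "❌ pip-audit did not complete (no results written) - failing closed"
  exit 1
fi
```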