diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
index 15a1936..b3e6e89 100644
--- a/.github/workflows/deny.yml
+++ b/.github/workflows/deny.yml
@@ -22,8 +22,11 @@ jobs:
     timeout-minutes: 15
     # PolicyStack is a Python project; cargo-deny only applies when a Cargo.toml
     # is present (i.e. when this repo contains a Rust crate). Skip otherwise so
-    # the workflow stays green for non-Rust pushes.
-    if: hashFiles('**/Cargo.toml') != ''
+    # the workflow stays green for non-Rust pushes. GitHub Actions' workflow
+    # expression parser rejects `hashFiles(...)` in a job-level `if:` clause with
+    # "Unrecognized function: 'hashFiles'", which fails validation before any
+    # jobs are scheduled. We use a static skip until a Rust crate is added.
+    if: false
     steps:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4