diff --git a/phase9_security.sh b/phase9_security.sh
index 79a9651..72ac48d 100755
--- a/phase9_security.sh
+++ b/phase9_security.sh
@@ -92,7 +92,11 @@ for repo in "${REPOS[@]}"; do
 
   REPO_URL="${GITEA_BASE_URL}/${GITEA_ORG_NAME}/${repo}.git"
   log_info "Cloning ${repo}..."
-  git_with_auth git clone -q "$REPO_URL" "$CLONE_DIR"
+  if ! git_with_auth git clone -q "$REPO_URL" "$CLONE_DIR"; then
+    log_error "Failed to clone ${repo}"
+    FAILED=$((FAILED + 1))
+    continue
+  fi
 
   # -------------------------------------------------------------------------
   # Step 2: Render security workflow template
@@ -109,13 +113,18 @@ for repo in "${REPOS[@]}"; do
   # -------------------------------------------------------------------------
   # Step 3: Commit and push
   # -------------------------------------------------------------------------
-  cd "$CLONE_DIR"
-  git config user.name "Gitea Migration"
-  git config user.email "migration@gitea.local"
-  git add .gitea/workflows/security-scan.yml
-  git commit -q -m "Add security scanning workflow (Semgrep + Trivy + Gitleaks)"
-  git_with_auth git push -q origin HEAD
-  cd "$SCRIPT_DIR"
+  if ! (
+    cd "$CLONE_DIR"
+    git config user.name "Gitea Migration"
+    git config user.email "migration@gitea.local"
+    git add .gitea/workflows/security-scan.yml
+    git commit -q -m "Add security scanning workflow (Semgrep + Trivy + Gitleaks)"
+    git_with_auth git push -q origin HEAD
+  ); then
+    log_error "Failed to commit/push security workflow to ${repo}"
+    FAILED=$((FAILED + 1))
+    continue
+  fi
 
   log_success "Security workflow deployed to ${repo}"