diff --git a/.github/workflows/comment-perf.yaml b/.github/workflows/comment-perf.yaml
index a6ad2e02..e0576106 100644
--- a/.github/workflows/comment-perf.yaml
+++ b/.github/workflows/comment-perf.yaml
@@ -21,13 +21,32 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: benchmark-report
-          path: benchmark-report.txt
+          path: benchmark-report.md
           github-token: ${{ secrets.ROCKSBOT_CHISEL_PR_COMMENTER }}
           run-id: ${{ github.event.workflow_run.id }}
 
+      - name: Get PR number
+        id: get-pr-number
+        env:
+          GH_TOKEN: ${{ secrets.ROCKSBOT_CHISEL_PR_COMMENTER }}
+          # The branch name is considered an untrusted input value (under the
+          # contributor's control), so store it in a variable to avoid shell
+          # injection.
+          # In the unlikely case where multiple PRs, on the same branch, from the
+          # same author exists, the most recent one is selected.
+          QUERY_PR: "head:${{ github.event.workflow_run.head_branch }} sort:updated-desc author:${{ github.event.workflow_run.head_repository.owner.login }} ${{ github.event.workflow_run.head_sha }}"
+          # Filters and formats the JSON into a `key=value` string with basic error handling.
+          JQ_FILTER: >-
+            .[0]
+            | if (.number == null) then error("Cannot find PR number") end
+            | "number=\(.number)"
+        run: |
+          gh pr list --repo "${{ github.repository }}" --state all --search "${QUERY_PR}" \
+          --json number --jq "${JQ_FILTER}" >> "${GITHUB_OUTPUT}"
+
       - name: Post message to PR
-        uses: mshick/add-pr-comment@dd126dd8c253650d181ad9538d8b4fa218fc31e8
+        uses: mshick/add-pr-comment@dd126dd8c253650d181ad9538d8b4fa218fc31e8 # v2
         with:
-          message-path: benchmark-report.txt
-          issue: ${{ github.event.workflow_run.pull_requests[0].number }}
+          message-path: benchmark-report.md
+          issue: ${{ steps.get-pr-number.outputs.number }}
           repo-token: ${{ secrets.ROCKSBOT_CHISEL_PR_COMMENTER }}
diff --git a/.github/workflows/performance.yaml b/.github/workflows/performance.yaml
index 1d9c7063..30144e65 100644
--- a/.github/workflows/performance.yaml
+++ b/.github/workflows/performance.yaml
@@ -65,14 +65,12 @@ jobs:
       - name: Run benchmark
         id: benchmark
         run: |
-          msg_file="$(mktemp)"
-          echo "msg_file=$msg_file" >> $GITHUB_OUTPUT
           chmod +x base head
-          hyperfine --export-markdown "$msg_file" "./base info --release ./chisel-releases 'python3.12_core'" -n "BASE" "./head info --release ./chisel-releases 'python3.12_core'" -n "HEAD"
+          hyperfine --export-markdown benchmark-report.md "./base info --release ./chisel-releases 'python3.12_core'" -n "BASE" "./head info --release ./chisel-releases 'python3.12_core'" -n "HEAD"
 
       - name: Upload result
         uses: actions/upload-artifact@v4
         with:
           name: benchmark-report
-          path: ${{ steps.benchmark.outputs.msg_file }}
+          path: benchmark-report.md
           retention-days: 1