From looking at the documentation of that action the workflow as such should be fine as long as the secret you use exists. What I can’t see is the secret: Is it a valid token with the required scopes, and nothing else (no extra spaces, etc.)?
Oh, it needs to be a personal token instead of an org token. Will I need to to change any of the syntax other than needing to change the name of the token? Or for the value of the token the value of my token?