pull_request_target runs with the repo's secrets-context. Checking out
github.event.pull_request.head.sha means a PR that modifies
tools/gate-check-v3/gate_check.py executes that modified script with
secrets. This is the canonical pull_request_target footgun.
Fix: checkout base SHA instead of head SHA for pull_request_target events.
Bug-1 (self-loop exclusion) and Bug-3 (403→exit0) from #547 are kept;
only the checkout-ref regresses to the pre-#547 base-branch behavior.
Refs: #551, internal#116, RFC#324 A4, feedback_pull_request_target_workflow_from_base
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
core-devops