Potential fix for code scanning alert no. 2: Incomplete URL substring sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Mustapha BARKI <code4yo@gmail.com>

Author: akabarki76

packages/core/src/tools/web-fetch.ts

@@ -188,10 +188,16 @@ ${textContent}
     // Perform GitHub URL conversion here to differentiate between user-provided
     // URL and the actual URL to be fetched.
     const urls = extractUrls(params.prompt).map((url) => {
-      if (url.includes('github.com') && url.includes('/blob/')) {
-        return url
-          .replace('github.com', 'raw.githubusercontent.com')
-          .replace('/blob/', '/');
+      try {
+        const parsedUrl = new URL(url);
+        if (parsedUrl.hostname === 'github.com' && url.includes('/blob/')) {
+          return url
+            .replace('github.com', 'raw.githubusercontent.com')
+            .replace('/blob/', '/');
+        }
+      } catch (e) {
+        // If URL parsing fails, ignore this URL
+        console.error(`Invalid URL encountered: ${url}`);
       }
       return url;
     });