fix(workflow): update commit message validation to use pull_request_target event

Author: Thels

.github/workflows/validate-commit-messages.yml

@@ -6,16 +6,20 @@ permissions:
   issues: write
 
 on:
-  pull_request:
+  pull_request_target:
     types: [opened, edited, synchronize]
 
 jobs:
   commitlint:
     runs-on: ubuntu-latest
+    # Security: Only run on events we trust (not from untrusted forks doing malicious things)
+    if: github.event_name == 'pull_request_target' && github.event.action != 'closed'
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
+          # For pull_request_target, we need to explicitly checkout the PR head
+          ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
 
       - name: Setup Node.js
@@ -90,9 +94,6 @@ jobs:
               - \`feat(cli)!:\` or \`BREAKING CHANGE:\` → MAJOR release (2.0.0)
               - \`fix(shared):\` → No CLI release (affects shared module only)
 
-              ### 💡 Pro Tip
-              Run \`./commit-helper.sh\` to get scope suggestions based on your changed files!
-
               Please update your commits and push again. Thank you! 🙏`;
 
               await github.rest.issues.createComment({
@@ -128,5 +129,4 @@ jobs:
           echo "2. Follow the format: \`<type>(<scope>): <description>\`" >> $GITHUB_STEP_SUMMARY
           echo "3. Run \`./commit-helper.sh\` for scope suggestions" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          echo "📖 See [CONVENTIONAL_COMMITS_GUIDE.md](./CONVENTIONAL_COMMITS_GUIDE.md) for details" >> $GITHUB_STEP_SUMMARY
           exit 1