Merge pull request #243 from netwrix/dev

updated doc reviewer

Author: jth-nw

.github/workflows/claude-documentation-reviewer.yml

@@ -1,7 +1,7 @@
 name: Documentation Reviewer
 
 on:
-  pull_request:
+  pull_request_target:
     types: [opened, edited, reopened, synchronize]
     paths:
       - '**.md'
@@ -23,8 +23,8 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          # Ensures the action checks out the PR branch instead of main
-          ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
+          # Use head SHA (not branch ref) to prevent TOCTOU attacks from forks
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
           fetch-depth: 0 # Need full history to compare with base branch
 
       - name: Get changed markdown files