Security PoC: pull_request_target workflow checks out fork head

[thom-pplx]

Non-destructive security PoC – DO NOT MERGE.

This draft PR is intentionally benign. It changes only charts/pgcat/values.yaml by adding a comment marker so that the existing workflow path filter is satisfied.

The proof condition is the PR shape, not the content:

• source branch is from a fork: thom-pplx/pgcat
• changed path matches .github/workflows/generate-chart-readme.yaml: charts/*/values.yaml
• base workflow runs on pull_request_target
• job grants contents: write
• checkout uses the untrusted PR head repository/ref and passes secrets.GITHUB_TOKEN

That combination means a fork-origin PR can cause the base repository workflow to run with elevated repository credentials while checking out attacker-controlled PR content.

No payload is included in this PR.

Recommended fix: replace this with a read-only pull_request check, remove write permissions from PR-triggered execution, or split the workflow so any write-back step runs only on trusted base-repo content.

[thom-pplx]

Observed proof from workflow run 26027369242:

• event: pull_request_target
• conclusion: success
• GITHUB_TOKEN Permissions included Contents: write
• checkout input included repository: thom-pplx/pgcat
• checkout input included ref: poc/pull-request-target-chart-readme
• checkout input included token: ***
• checkout input included persist-credentials: true
• logs show Syncing repository: thom-pplx/pgcat
• logs show git configured http.https://github.com/.extraheader AUTHORIZATION: basic ***

This demonstrates the vulnerable condition without including any exploit payload: a fork-origin PR can trigger a base-repository pull_request_target workflow that has write-capable credentials while checking out the fork's head branch.