fix: sidebar reminder

[scode2277]

This workflow now uses pull_request_target so it can also comment on PRs from forks too(with just pull_request, fork PRs don't have write permissions to post comments).

This doesn't open any attack vectors as the workflow never checks out code; it only reads file metadata from the GitHub API to see if any files in docs/pages were added, renamed, or deleted.

Also hardened the filename sanitization to strip Unicode direction overrides

Frameworks PR Checklist

Thank you for contributing to the Security Frameworks! Before you open a PR, make sure to read information for contributors and take a look at the following checklist:

• Describe your changes, substitute this text with the information
• If you are touching an existing piece of content, tag current contributors from the attribution list
• If there is a steward for that framework, ask the steward to review it
• If you're modifying the general outline, make sure to update it in the vocs.config.ts adding the dev: true parameter
• If you need feedback for your content from the wider community, share the PR in our Discord
• Review changes to ensure there are no typos, see instructions below

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
frameworks	Ready	Preview, Comment	Feb 12, 2026 3:28pm