From 245b6b866bc3249b351fe1662d0d71f1e532c2bd Mon Sep 17 00:00:00 2001
From: Oliver Baer <75138893+mrwind-up-bird@users.noreply.github.com>
Date: Tue, 10 Mar 2026 02:54:22 +0100
Subject: [PATCH] fix(autofix): Command injection via unvalidated input

---
 examples/github-actions/complexity-gate.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/github-actions/complexity-gate.yml b/examples/github-actions/complexity-gate.yml
index 01230149..e9bcf89d 100644
--- a/examples/github-actions/complexity-gate.yml
+++ b/examples/github-actions/complexity-gate.yml
@@ -68,7 +68,7 @@ jobs:
           else
             echo "has_changes=false" >> $GITHUB_OUTPUT
           fi
-
+          git diff --name-only "${{ github.event.pull_request.base.sha }}".."${{ github.sha }}" \
       - name: Analyze Complexity
         if: steps.changed.outputs.has_changes == 'true'
         id: analyze