Potential fix for code scanning alert no. 3: Incomplete URL substring sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: programmersd21

core/github_installer.py

@@ -58,7 +58,9 @@ def parse_github_url(url: str) -> Tuple[str, str]:
 
         # Handle full URL
         parsed = urlparse(url)
-        if parsed.hostname and "github.com" in parsed.hostname:
+        hostname = (parsed.hostname or "").lower()
+        # Accept only github.com or its subdomains (e.g., gist.github.com), not arbitrary hosts
+        if hostname == "github.com" or hostname.endswith(".github.com"):
             parts = parsed.path.strip("/").split("/")
             if len(parts) >= 2:
                 owner = parts[0]