diff --git a/.gitea/workflows/gate-check-v3.yml b/.gitea/workflows/gate-check-v3.yml
index 5dad2701..f8d2b42c 100644
--- a/.gitea/workflows/gate-check-v3.yml
+++ b/.gitea/workflows/gate-check-v3.yml
@@ -40,16 +40,15 @@ jobs:
     runs-on: ubuntu-latest
     continue-on-error: true  # Never block on our own detector failing
     steps:
-      - name: Check out PR branch (head) for the script
-        # NOTE: we intentionally check out the HEAD/PR branch here — not the base.
-        # This is required so that script fixes in PR branches (e.g. the self-loop
-        # exclusion in signal_6_ci) are actually used when evaluating that PR.
-        # Security: this job runs with continue-on-error: true and does not
-        # execute arbitrary PR code — it only runs the gate-check script which
-        # is read-only (API reads + JSON stdout).
+      - name: Check out BASE ref (never PR-head under pull_request_target)
+        # pull_request_target runs with repo secrets-context, so checking out
+        # the PR HEAD would execute PR-branch gate_check.py with secrets.
+        # Fix: always load gate_check.py from the trusted base/default ref.
+        # Bug-1 (self-loop exclusion) + Bug-3 (403→exit0) from #547 are
+        # kept; only this checkout-ref regresses to pre-#547 behavior.
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
-          ref: ${{ github.event.pull_request.head.sha }}
+          ref: ${{ github.event.pull_request.base.sha || github.ref_name }}
 
       - name: Run gate-check-v3 (single PR mode)
         if: github.event_name == 'pull_request_target' || github.event.inputs.pr_number != ''