Critical Security Flaw in py-bugger CLI: Path Traversal via --target-dir Parameter

A critical security vulnerability has been identified in the py-bugger tool, exposing systems to potential path traversal attacks. The flaw resides in the `_check_git_status()` function within the CLI utilities, where user-supplied input is passed directly to a subprocess call without any sanitization. This allows an attacker to manipulate the `--target-dir` argument to escape the intended directory and potentially access or modify sensitive files elsewhere on the filesystem.

The specific vulnerability is in `src/py_bugger/cli/cli_utils.py` between lines 182 and 192. The `git_dir` variable, which is populated from the user-controlled `--target-dir` command-line flag, is used in a subprocess call without validation. An attacker can simply run the tool with a malicious argument like `--target-dir "../../etc"` to demonstrate the path traversal capability. The severity of this issue is categorized as critical, as it could lead to unauthorized file system access.

The lack of input validation for a core utility function represents a significant oversight in the tool's security posture. The proposed fix is straightforward: implement validation to ensure the `target_dir` is strictly contained within the expected project root before it is used in any system operations. Until patched, any deployment or script relying on py-bugger's CLI with untrusted input carries substantial risk.