You can add a key, and verify if the key is being passed correctly. It is another "security layer" that you can add, and is not hard to manipulate it through PHP.
Another possibility is to verify the "sender".
Also, keep on mind that git pull will only update your codebase, if you have changes in database, new gems, or need to clean cache it will not happen with this command. I'd create a .sh to update the whole database, and run it.
Now, forget everything I said above, and use a continuous deploy system like CodeShip (I don't work there) plus a good deploy recipe, and it will make your life a dream. I'm using it since sometime ago and it is great.