[plan] Address Static Analysis Findings from December 2025 Scan

[github-actions]

Overview

This tracking issue covers the remediation of security, code quality, and linting issues identified in the December 2, 2025 static analysis scan of 92 agentic workflows.

Source: Discussion #5280

Summary of Findings

• Total Issues: 13 across 8 workflows
• 1 Medium severity security issue (credential exposure)
• 7 blocking errors (syntax/runtime failures)
• 5 Informational/Low security warnings

Planned Remediation Tasks

The work is broken down into the following priority-based tasks:

Priority 1: Security (Medium Severity)

1. Fix credential persistence vulnerability in release.md - Address artipacked finding to prevent credential exposure through artifacts

Priority 2: Blocking Errors

2. Fix syntax error in cloclo.md - Correct invalid YAML syntax that prevents workflow execution
3. Fix expression error in close-old-discussions.md - Fix undefined property reference

Priority 3: Code Quality

4. Fix shellcheck quoting issues in go-pattern-detector.md and release.md - Add proper quotes to prevent word splitting and glob expansion

Priority 4: Security Warnings

5. Review and address template injection warnings - Review 5 workflows with low-severity template injection findings

Success Criteria

• All blocking errors resolved (workflows can execute)
• Medium severity security issue mitigated
• Shellcheck warnings eliminated
• Template injection warnings reviewed and addressed as needed
• All fixes validated with static analysis tools

Timeline

• Priority 1-2: This week
• Priority 3: Next sprint
• Priority 4: Next sprint

AI generated by Plan Command for discussion #5280