Add reporting guidelines to daily-malicious-code-scan workflow#10985

Merged
pelikhan merged 3 commits into main from copilot/update-daily-malicious-code-scan-formatting on Jan 21, 2026
Conversation


Copilot AI commented Jan 21, 2026

The daily malicious code scan workflow (312 lines) lacked standardized formatting guidelines for its security reports.

Changes

  • Added shared/reporting.md to the imports list in the workflow frontmatter
  • Compiled lock file now includes reporting guidelines in agent prompt

Impact

The workflow now inherits standardized report formatting rules:

  • Header hierarchy: h3+ only (h1/h2 reserved for titles)
  • Progressive disclosure: Critical findings visible, detailed scans in <details> tags
  • Consistent structure: Summary → Critical Issues → Details (collapsible) → Recommendations

Example output structure:

### Security Scan Summary
- Files scanned: 234
- Critical issues: 0
- Status: ✅ Clean

### Critical Findings
[Always visible]

<details>
<summary><b>View Detailed Scan Results</b></summary>

### File-by-File Analysis
[Comprehensive breakdown]

</details>

Aligns with reporting patterns used across other security workflows (e.g., daily-secrets-analysis).

Original prompt

This section details the original issue you should resolve

<issue_title>[workflow-style] Normalize report formatting for daily-malicious-code-scan</issue_title>
<issue_description>### Workflow to Update

Workflow File: .github/workflows/daily-malicious-code-scan.md
Issue: This daily security workflow (312 lines) doesn't import shared/reporting.md which contains markdown style guidelines

Required Changes

Add the import to the frontmatter:

imports:
  - shared/reporting.md

This will provide the workflow with standardized formatting guidelines for security reports:

1. Header Level Guidelines

  • Use h3 (###) or lower for all headers to maintain proper document hierarchy
  • Never use h2 (##) or h1 (#) in reports - these are reserved for titles

2. Progressive Disclosure Guidelines

  • Wrap scan details in <details><summary><b>Section Name</b></summary> tags
  • Show critical security findings immediately
  • Hide detailed file-by-file analysis in collapsible sections

Example for security reports:

### Security Scan Summary
- Files scanned: 234
- Critical issues: 0
- Warnings: 2
- Status: ✅ Clean

### Critical Findings
[Always visible - empty if none found]

<details>
<summary><b>View Detailed Scan Results</b></summary>

### File-by-File Analysis
[Comprehensive breakdown of each scanned file]

### Warning Details
[Details about non-critical warnings]

</details>

### Recommendations
[Actionable next steps - keep visible if findings exist]

3. Security Report Structure

  • Summary: Scan status and counts (always visible)
  • Critical Findings: Security issues requiring immediate attention (always visible)
  • Detailed Results: Per-file scan results (in <details> tags)
  • Recommendations: Remediation steps (visible if issues found)

Design Principles (Airbnb-Inspired)

Security reports should:

  1. Build trust through clarity: Critical issues immediately visible
  2. Exceed expectations: Include trends (vs. previous scans), context
  3. Create delight: Use progressive disclosure - don't overwhelm with clean file lists
  4. Maintain consistency: Follow patterns used across all security workflows

Example Reference

See workflows like daily-secrets-analysis or security-focused workflows that create clear, actionable reports.

Validation

After updating:

  1. Run the workflow manually with workflow_dispatch
  2. Verify the report uses h3+ headers (not h1 or h2)
  3. Check that detailed scan results use <details> tags
  4. Confirm critical findings and summary are immediately visible

Priority: Medium-High - Daily security workflow (312 lines), important for visibility of security status

AI generated by Workflow Normalizer

  • expires on Jan 28, 2026, 12:26 PM UTC

Comments on the Issue (you are @copilot in this section)


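The "Validation" steps in the issue (h3+ headers only, detailed results in <details> tags, summary and critical findings always visible) are written as a manual checklist. Below is an added example, not code from this PR or the project, of a small linter that applies those same rules to a generated report so the check can run automatically, for instance as a test over a saved workflow output. The section titles it looks for are taken from the example report in the issue; the two sample reports are constructed here for illustration. Headings inside fenced code samples are ignored so that a commented line in an embedded snippet is not misread as an h1.

```python
"""Lint a generated security report against the shared reporting guidelines:
h3-or-lower headings, detailed results inside <details>/<summary>, and the
summary/critical sections kept outside any collapsible block."""
import re
from dataclasses import dataclass, field

HEADING_RE = re.compile(r"^(#{1,6})\s+(.*\S)\s*$")
FENCE_RE = re.compile(r"^\s*(```|~~~)")
DETAILS_OPEN_RE = re.compile(r"<details\b", re.I)
DETAILS_CLOSE_RE = re.compile(r"</details\s*>", re.I)
SUMMARY_RE = re.compile(r"<summary\b", re.I)

# Section titles taken from the example report in the issue text.
VISIBLE_SECTIONS = ("Security Scan Summary", "Critical Findings")  # never collapsed
COLLAPSED_SECTIONS = ("File-by-File Analysis",)                     # always in <details>


@dataclass
class LintResult:
    violations: list[str] = field(default_factory=list)
    headings: list[tuple[int, str, bool]] = field(default_factory=list)  # (level, title, in_details)

    @property
    def ok(self) -> bool:
        return not self.violations


def lint_report(markdown: str) -> LintResult:
    """Return every guideline violation in the report, with line numbers."""
    result = LintResult()
    in_fence, depth, opened_total, summaries = False, 0, 0, 0
    for lineno, line in enumerate(markdown.splitlines(), 1):
        if FENCE_RE.match(line):
            in_fence = not in_fence
            continue
        if in_fence:
            continue  # a '#' inside a code sample is not a heading
        opened = len(DETAILS_OPEN_RE.findall(line))
        depth += opened
        opened_total += opened
        summaries += len(SUMMARY_RE.findall(line))
        m = HEADING_RE.match(line)
        if m:
            level, title = len(m.group(1)), m.group(2)
            result.headings.append((level, title, depth > 0))
            if level < 3:
                result.violations.append(f"line {lineno}: h{level} '{title}' (use ### or lower)")
            if title in COLLAPSED_SECTIONS and depth == 0:
                result.violations.append(f"line {lineno}: '{title}' should be inside <details>")
            if title in VISIBLE_SECTIONS and depth > 0:
                result.violations.append(f"line {lineno}: '{title}' must stay visible, not in <details>")
        depth = max(0, depth - len(DETAILS_CLOSE_RE.findall(line)))
    if depth > 0:
        result.violations.append("unclosed <details> block")
    if opened_total == 0:
        result.violations.append("no <details> block: detailed scan results must be collapsible")
    if summaries < opened_total:
        result.violations.append("<details> block without a <summary>")
    found = {title for _, title, _ in result.headings}
    result.violations += [f"missing required section '{t}'" for t in VISIBLE_SECTIONS if t not in found]
    return result


# Constructed sample in the shape the PR description gives (passes).
GOOD_REPORT = """\
### Security Scan Summary
- Files scanned: 234
- Critical issues: 0
- Status: ✅ Clean

### Critical Findings
None.

<details>
<summary><b>View Detailed Scan Results</b></summary>
### File-by-File Analysis
~~~python
# a comment inside a code sample is not an h1 heading
~~~

</details>
"""

# Constructed sample breaking the guidelines (four violations).
BAD_REPORT = """\
## Security Scan Summary
- Files scanned: 234

# Critical Findings
None.

### File-by-File Analysis
Not wrapped in a collapsible block; nothing in this report is collapsible.
"""

if __name__ == "__main__":
    for name, report in (("good", GOOD_REPORT), ("bad", BAD_REPORT)):
        res = lint_report(report)
        print(name, "OK" if res.ok else "FAIL", *res.violations, sep="\n  ")
```

Run it as a script to see the good sample pass and the bad one list its violations; in a workflow you would feed it the markdown the agent produced and fail the job when `lint_report(text).ok` is false. The linter is intentionally line-based and conservative: it tracks <details> nesting depth so a required section that has been accidentally placed inside a collapsible block is flagged, and it counts <summary> lines so a <details> block without a visible label is also reported.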

Copilot AI and others added 2 commits January 21, 2026 13:18
…an workflow

Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
Copilot AI changed the title [WIP] Update report formatting for daily malicious code scan Add reporting guidelines to daily-malicious-code-scan workflow Jan 21, 2026
Copilot AI requested a review from mnkiefer January 21, 2026 13:29
pelikhan marked this pull request as ready for review January 21, 2026 14:53
pelikhan merged commit e5e8509 into main Jan 21, 2026
pelikhan deleted the copilot/update-daily-malicious-code-scan-formatting branch January 21, 2026 14:54
Development

Successfully merging this pull request may close these issues.

[workflow-style] Normalize report formatting for daily-malicious-code-scan