Validate agent names before Docker build in python-docker-build workflow

[Copilot]

Summary

Agent names extracted from git diff output via cut -d/ -f2 were flowing unvalidated into Docker build arguments (-t, -f, path). On pull_request triggers from forks, a contributor could craft a directory name with characters invalid in Docker image tags or that confuse shell tooling (spaces, colons, uppercase, etc.).

Added an allowlist regex check in the detect job's agent-discovery loop:

if [[ ! "$agent" =~ ^[a-z0-9][a-z0-9_-]*$ ]]; then
  echo "::warning::Skipping agent with invalid name: '$agent'" >&2
  continue
fi

Names not matching ^[a-z0-9][a-z0-9_-]*$ are skipped with a workflow warning rather than passed to docker build.

Testing

• Not run (why?)
• uv run poe check
• Other: CodeQL static analysis — 0 alerts

Checklist

• Linked issue or task reference
• Added/updated tests where relevant
• Updated docs/README if needed
• No secrets or sensitive data added
• Considered backward compatibility and deployment impact

Additional context

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.