
build(workflows): add Python to CodeQL analysis language matrix#910

Open
WilliamBerryiii wants to merge 1 commit into main from ci/884-codeql-python-analysis
Conversation


@WilliamBerryiii WilliamBerryiii commented Mar 6, 2026

Description

Added Python to the CodeQL security analysis workflow, expanding automated vulnerability scanning to cover Python scripts in the repository alongside existing GitHub Actions analysis. This is a single-file, additive change to the codeql-analysis.yml workflow.

  • Extended the language matrix from [ 'actions' ] to [ 'actions', 'python' ] in codeql-analysis.yml
  • Updated inline comments to reflect the expanded set of analyzed languages
  • All existing workflow structure, SHA-pinned action references, and trigger configuration remain unchanged

Related Issue(s)

Closes #884

Type of Change

Select all that apply:

Code & Documentation:

  • Bug fix (non-breaking change fixing an issue)
  • New feature (non-breaking change adding functionality)
  • Breaking change (fix or feature causing existing functionality to change)
  • Documentation update

Infrastructure & Configuration:

  • GitHub Actions workflow
  • Linting configuration (markdown, PowerShell, etc.)
  • Security configuration
  • DevContainer configuration
  • Dependency update

AI Artifacts:

  • Reviewed contribution with prompt-builder agent and addressed all feedback
  • Copilot instructions (.github/instructions/*.instructions.md)
  • Copilot prompt (.github/prompts/*.prompt.md)
  • Copilot agent (.github/agents/*.agent.md)
  • Copilot skill (.github/skills/*/SKILL.md)

Note for AI Artifact Contributors:

  • Agents: Research, indexing/referencing other project (using standard VS Code GitHub Copilot/MCP tools), planning, and general implementation agents likely already exist. Review .github/agents/ before creating new ones.
  • Skills: Must include both bash and PowerShell scripts. See Skills.
  • Model Versions: Only contributions targeting the latest Anthropic and OpenAI models will be accepted. Older model versions (e.g., GPT-3.5, Claude 3) will be rejected.
  • See Agents Not Accepted and Model Version Requirements.

Other:

  • Script/automation (.ps1, .sh, .py)
  • Other (please describe):

Sample Prompts (for AI Artifact Contributions)

User Request:

Execution Flow:

Output Artifacts:

Success Indicators:

For detailed contribution requirements, see:

Testing

  • Automated validation commands were run during PR generation (see Required Automated Checks below).
  • Security analysis confirmed no sensitive data, no dependency changes, and no privilege escalation.
  • Diff-based assessment verified the change is purely additive with no removed lines or altered behavior.
  • Manual testing was not performed; this change affects CI workflow configuration only.

Checklist

Required Checks

  • Documentation is updated (if applicable)
  • Files follow existing naming conventions
  • Changes are backwards compatible (if applicable)
  • Tests added for new functionality (if applicable)

AI Artifact Contributions

  • Used /prompt-analyze to review contribution
  • Addressed all feedback from prompt-builder review
  • Verified contribution follows common standards and type-specific requirements

Required Automated Checks

The following validation commands must pass before merging:

  • Markdown linting: npm run lint:md
  • Spell checking: npm run spell-check
  • Frontmatter validation: npm run lint:frontmatter
  • Skill structure validation: npm run validate:skills
  • Link validation: npm run lint:md-links
  • PowerShell analysis: npm run lint:ps
  • Plugin freshness: npm run plugin:generate

Security Considerations

  • This PR does not contain any sensitive or NDA information
  • Any new dependencies have been reviewed for security issues
  • Security-related scripts follow the principle of least privilege

Additional Notes

  • The change adds Python as a second language to the existing CodeQL matrix, enabling GitHub's automated security analysis to scan Python files for vulnerabilities.
  • All GitHub Actions in the workflow remain SHA-pinned to their existing commits.

- add python to the language matrix in codeql-analysis.yml

🔧 - Generated by Copilot
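For readers without the file in front of them, this is an illustrative codeql-analysis.yml showing where the expanded matrix sits; it is an added example, not the repository's own workflow, and the action refs are placeholders rather than the project's real pinned SHAs.

```yaml
# Illustrative CodeQL workflow (added example, not the project's file).
# The only change the PR describes is the language matrix: 'python'
# added beside 'actions'. Action refs are placeholders; the real
# workflow pins each action to a full commit SHA.
name: "CodeQL"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '30 1 * * 0'   # weekly scheduled scan

permissions:
  contents: read

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # needed to upload SARIF results to code scanning
      contents: read
      actions: read
    strategy:
      fail-fast: false         # a failure in one language does not cancel the other
      matrix:
        # Before: [ 'actions' ]  After: Python scripts are scanned as well.
        language: [ 'actions', 'python' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@<commit-sha>               # placeholder pin

      - name: Initialize CodeQL
        uses: github/codeql-action/init@<commit-sha>      # placeholder pin
        with:
          languages: ${{ matrix.language }}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@<commit-sha>   # placeholder pin
        with:
          category: "/language:${{ matrix.language }}"
```

Each matrix entry becomes a separate job, so the Python job fails independently when the checkout contains no Python source for CodeQL to extract, which is the failure the author's follow-up comment anticipates.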
@WilliamBerryiii WilliamBerryiii requested a review from a team as a code owner March 6, 2026 04:44

github-actions bot commented Mar 6, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

WilliamBerryiii (Member, Author) commented:

Note ... this will NOT pass until we have Python in the repo from the PR introducing the Python-backed skill for PPTX

WilliamBerryiii (Member, Author) commented:

PR Compliance Update — Updated the issue reference in the Related Issue(s) section:

  • Before: Related to #884
  • After: Closes #884

Using Closes (or Fixes) ensures GitHub automatically closes the linked issue when this PR merges. The rest of the PR body was already well-formatted. 👍

Successfully merging this pull request may close these issues.

feat(ci): Add Python to CodeQL analysis language matrix