@mnkiefer
Contributor

  • Increases the allowed number of project board updates per run for the "Security Alert Burndown" workflow and clarifies instructions for updating project board items.

@mnkiefer mnkiefer self-assigned this Jan 28, 2026
@mnkiefer mnkiefer merged commit 36b7431 into main Jan 28, 2026
88 checks passed
@mnkiefer mnkiefer deleted the add-worker-text branch January 28, 2026 11:43
@github-actions
Contributor

🛡️ Security Posture Analysis

This PR contains a change that affects the security posture. Please review the following concern:

🟡 Safe Output Limits Increased: Project Update Limit 10x Increase

Location: .github/workflows/security-alert-burndown.md:21 and .github/workflows/security-alert-burndown.lock.yml:158

Change Detected:

safe-outputs:
  update-project:
-    max: 10
+    max: 100
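Review bot: The hunk shows `max` going from 10 to 100 in only one file, while the location line names two (.github/workflows/security-alert-burndown.md:21 and .github/workflows/security-alert-burndown.lock.yml:158); confirm the lock file carries the same `max: 100` so the two definitions of the limit do not diverge.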

Security Impact: The update-project safe output limit has been increased from 10 to 100 items per workflow run (a 10x increase). This significantly expands the potential blast radius if:

  • The workflow is compromised or behaves unexpectedly
  • An accidental infinite loop or bug causes excessive project updates
  • Rate limiting protections become less effective

While this may be operationally necessary for the Security Alert Burndown workflow to process more alerts, it reduces the safety boundaries that prevent runaway automation.

Recommendation:

  1. Verify this 10x increase is justified by actual operational needs (e.g., are you regularly hitting the 10-item limit?)
  2. Consider implementing additional safeguards:
    • Add rate limiting or throttling logic in the workflow itself
    • Monitor for unusual spikes in project updates
    • Document why 100 items per run is needed vs. running more frequently with lower limits
  3. Consider a more conservative increase (e.g., 25 or 50) if 100 is not strictly required

Summary

Category            Severity   Count
Safe Output Limits  🟡 Medium  1

Note: This is an automated analysis. The increase may be justified for operational reasons, but it's worth documenting the rationale and ensuring appropriate monitoring is in place.

AI generated by Security Guard Agent 🛡️

4 participants