Add CI guard to block forbidden files in workflows/

Prevents contributors from pushing compiled YAML (.yml, .yaml, .lock.yml)
or .github/ directories into the workflows/ directory. Only .md markdown
source files are accepted — compilation happens downstream via gh aw compile.

This is a security measure to prevent malicious GitHub Actions code
from being introduced through contributed agentic workflows.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

.github/workflows/block-workflow-yaml.yml

@@ -0,0 +1,64 @@
+name: Block Forbidden Workflow Contribution Files
+
+on:
+  pull_request:
+    branches: [staged]
+    types: [opened, synchronize, reopened]
+    paths:
+      - "workflows/**"
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  check-forbidden-files:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check for forbidden files in workflows/
+        id: check
+        run: |
+          # Check for YAML/lock files in workflows/ and any .github/ modifications
+          forbidden=$(git diff --name-only --diff-filter=ACM origin/${{ github.base_ref }}...HEAD -- \
+            'workflows/**/*.yml' \
+            'workflows/**/*.yaml' \
+            'workflows/**/*.lock.yml' \
+            '.github/*' \
+            '.github/**')
+
+          if [ -n "$forbidden" ]; then
+            echo "❌ Forbidden files detected:"
+            echo "$forbidden"
+            echo "files<<EOF" >> "$GITHUB_OUTPUT"
+            echo "$forbidden" >> "$GITHUB_OUTPUT"
+            echo "EOF" >> "$GITHUB_OUTPUT"
+            exit 1
+          else
+            echo "✅ No forbidden files found in workflows/"
+          fi
+
+      - name: Comment on PR
+        if: failure()
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: workflow-forbidden-files
+          message: |
+            ## 🚫 Forbidden files in `workflows/`
+
+            Only `.md` markdown files are accepted in the `workflows/` directory. The following are **not allowed**:
+            - Compiled workflow files (`.yml`, `.yaml`, `.lock.yml`) — could contain untrusted Actions code
+            - `.github/` modifications — workflow contributions must not modify repository configuration
+
+            **Files that must be removed:**
+            ```
+            ${{ steps.check.outputs.files }}
+            ```
+
+            Contributors provide the workflow **source** (`.md`) only. Compilation happens downstream via `gh aw compile`.
+
+            Please remove these files and push again.