Add date-range caveat to first_open and first_series_disengagement field descriptions #46

	name: Zizmor Workflow Security Scan

	on:
	pull_request:
	merge_group:

	permissions:
	contents: read

	jobs:
	zizmor-scan:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
	with:
	persist-credentials: false
	fetch-depth: 0

	- name: Detect workflow changes
	id: changes
	env:
	BASE_SHA: ${{ github.event.pull_request.base.sha \|\| github.event.merge_group.base_sha }}
	HEAD_SHA: ${{ github.event.pull_request.head.sha \|\| github.event.merge_group.head_sha }}
	run: \|
	if git diff --name-only "$BASE_SHA" "$HEAD_SHA" \| grep -q '^\.github/workflows/'; then
	echo "workflows=true" >> "$GITHUB_OUTPUT"
	else
	echo "workflows=false" >> "$GITHUB_OUTPUT"
	fi

	- name: Install zizmor
	if: steps.changes.outputs.workflows == 'true'
	run: pip install zizmor==1.25.2

	- name: Scan workflows
	if: steps.changes.outputs.workflows == 'true'
	run: zizmor --min-severity=medium .github/workflows/

Provide feedback