docs(instructions): never suggest pull_request_target over pull_request

[Copilot]

Summary

• add an explicit trigger-selection rule in workflow creation instructions: never suggest pull_request_target as a replacement for pull_request
• update trigger update guidance with the same rule for workflow edits
• align syntax guidance to use pull_request for labeled-trigger examples

Validation

• make build && make fmt && make agent-report-progress
• parallel_validation (Code Review: success, CodeQL: skipped as trivial docs-only change)

[Copilot]

Pull request overview

Updates the Agentic Workflow authoring docs to add a clear security rule: don’t recommend pull_request_target as a substitute for pull_request, and align label-trigger guidance accordingly.

Changes:

• Added explicit trigger-selection guidance in workflow creation instructions to keep pull_request unless pull_request_target is explicitly required.
• Added the same guidance to workflow frontmatter edit instructions.
• Updated syntax reference to use pull_request (not pull_request_target) in labeled-trigger examples and cleaned up trailing whitespace.

Show a summary per file

File	Description
.github/aw/update-agentic-workflow.md	Adds an explicit “don’t suggest pull_request_target” rule when editing workflow triggers.
.github/aw/syntax.md	Adjusts labeled-trigger guidance to reference pull_request and removes trailing whitespace.
.github/aw/create-agentic-workflow.md	Adds an explicit security rule for trigger selection during workflow creation.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 0