security: run OutputPipeline on post-comment before forge API post

[ifireball]

Summary

fullsend post-comment reads agent output and posts directly to the GitHub API without calling OutputPipeline(). If invoked standalone (outside a fullsend run that already scanned output files), content can reach the forge with:

• Unredacted secrets (API keys, tokens)
• Zero-width–obfuscated tokens that would be caught after unicode normalization + redaction

Context

Identified during review of #1178 (fix for #444). That PR wires OutputPipeline() into sandbox post-tool hooks, fullsend scan output, and scanOutputFiles, but not this command.

Suggested fix

Before posting, run security.OutputPipeline().Scan() on the comment body (same pattern as fullsend scan output in internal/cli/scan.go).

References

• security: zero-width characters evade secret redaction due to hook ordering #444
• fix(security): run unicode normalization before secret redaction #1178

[fullsend-ai-triage]

Triage Summary

Severity: High — security gap in output boundary
Category: Security

Problem

fullsend post-comment (internal/cli/postcomment.go) reads the comment body and passes it directly to sticky.Post() without running it through security.OutputPipeline().Scan(). This creates a path for unredacted secrets and zero-width-obfuscated tokens to reach the GitHub API.

Root Cause

The body read on line 58 flows directly to the forge call on line 70 with no intermediate security scan. OutputPipeline() already exists in internal/security/scanner.go and is used elsewhere, but was not wired into this command.

Recommended Fix

After reading the body, call security.OutputPipeline().Scan(body) and use the sanitized result before posting. Follow the existing pattern in internal/cli/scan.go.

Relationship to #444 / #1178

This issue was identified during review of PR #1178 (which addresses #444). However, since OutputPipeline() already exists in the codebase, this fix can proceed independently of #1178.

Proposed Test Case

Test: post-comment sanitizes secrets before posting

Setup:
  - Create body containing a GitHub PAT pattern (ghp_AAAA...)
  - Create body containing zero-width character obfuscated token

Assertions:
  - Dry-run output shows redacted secret (e.g., "[REDACTED]")
  - Zero-width chars are normalized before redaction
  - Clean body (no secrets) passes through unchanged

---

Labels: This is a security issue involving secret leakage through an unscanned output path. High priority given the threat model's emphasis on preventing secret exposure.