fix: skip codeowner notification for Admin Support tracking issues in claude-issue-labeler.yml

[hilram7]

Summary

• Extends the existing early-exit pattern in claude-issue-labeler.yml Step 4 to cover Admin Support PR review tracking issues, which were incorrectly triggering codeowner team mentions and product label application.

Changes

• .github/workflows/claude-issue-labeler.yml: Added ISSUE_TITLE env var to Step 4 and a new early-exit guard — skips codeowner notification when the issue title starts with Admin: PR review (the title pattern used by auto-create-pr-tracking-issues.yml for the admin path).

Testing

Dry-run of the Step 4 bash against issue #1035 (the admin tracking issue created for PR #1034 that triggered the bad labels):

=== Step 4 dry run ===
ISSUE_TITLE: Admin: PR review — Training may29 (PR #1034)

Labels found: AI:site
AI:docs
1secure
access-analyzer
identity-manager
pingcastle

Admin Support tracking issue — skipping codeowner notification

Labels are fetched, kb/review guard passes through, and the new title check exits before any codeowner comment is posted.

Closes #1036

[github-actions]

Code Review

No correctness issues found. The change is minimal and well-scoped:

• Safe input handling: ISSUE_TITLE is passed through an env variable rather than inline ${{ }} interpolation in the shell, which is the correct pattern for untrusted issue input and avoids any script-injection risk via crafted titles.
• Pattern matches producer: The ^Admin: PR review anchor correctly matches the title format emitted by .github/workflows/auto-create-pr-tracking-issues.yml:55 (Admin: PR review — ${prTitle} (PR #${pr.number})).
• Guard placement: The new check sits after the empty-labels and kb/review guards and before the label-codeowners.json read and team mapping loop — it short-circuits before any comment is posted, mirroring the existing early-exit pattern.
• No impact on triggers, permissions, secrets, downstream jobs (content-fix, content-fix-followup), build, routing, or KB pipeline.

One minor note (non-blocking): the title-based guard could in principle be bypassed by a human opening an issue whose title starts with Admin: PR review. Since this is just suppressing a courtesy codeowner ping (not a security control) and the upstream producer is the only realistic source of that title pattern, this is fine as-is.