[WIP] Add accessibility and security checklists to PR templates and docs #332

Open: Copilot wants to merge 1 commit into develop from copilot/add-accessibility-security-checklists

Copilot AI commented May 19, 2026

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.


This section details on the original issue you should resolve

<issue_title>[Task] Add accessibility and security checklists to PR templates and docs</issue_title>
<issue_description>---
name: "📝 Task"
about: "Propose a well-scoped unit of work: template tweaks, config updates, copy edits, etc."
title: "[Task] Add accessibility and security checklists to PR templates and docs"
labels: [status:needs-triage, priority:normal, area:core, a11y, security, checklist]
assignees: [ashleyshaw]
projects: []
milestone: ""
file_type: task

Task Summary

Add explicit accessibility and security checklists to the organisation’s PR templates and related review documentation in the .github repository.

The aim is to make accessibility and security review more consistent, visible, and maintainable across contributor and reviewer workflows. The final approach should stay lean: use concise checklists, align wording across templates and docs, and reference recognised standards such as WCAG 2.1 AA and OWASP only where that improves clarity and actionability.

Acceptance Criteria

  • Accessibility checklist content is defined and added in the right locations
  • Security checklist content is defined and added in the right locations
  • PR templates and supporting docs use consistent wording
  • References to WCAG 2.1 AA and OWASP are included where useful
  • Duplicate or conflicting checklist guidance is removed or consolidated
  • Documentation updated if needed
  • Changelog entry prepared for PR if task completed via PR
  • Correct branch prefix for PR: chore/ or task/

Audit current templates/docs

Review the current PR templates and any related documentation in .github to understand what accessibility and security guidance already exists, where gaps are, and where checklist content should live.

Checklist

  • Audit the default PR template
  • Audit any additional PR templates
  • Audit supporting review or contribution documentation
  • Note any existing accessibility guidance
  • Note any existing security guidance
  • Identify duplication, inconsistencies, or missing coverage

Define minimal A11y checklist

Create a concise accessibility checklist suitable for LightSpeed’s WordPress workflow. The checklist should be practical for reviewers and contributors and avoid turning the PR template into a long-form audit document.

Checklist

  • Define the minimum accessibility checks worth including
  • Cover semantic HTML and structure where relevant
  • Cover heading order and keyboard access where relevant
  • Cover ARIA usage only where needed
  • Cover visible focus / contrast considerations where relevant
  • Reference WCAG 2.1 AA where it improves clarity

Define minimal security checklist

Create a concise security checklist focused on common review risks for WordPress and repository maintenance work. Keep it practical and aligned with existing org guidance.

Checklist

  • Define the minimum security checks worth including
  • Cover validation and sanitisation of untrusted input
  • Cover context-specific escaping on output
  • Cover nonce and capability checks for privileged actions
  • Cover secrets and sensitive data handling
  • Reference OWASP guidance where it improves clarity

Add checklist to PR template(s)

Implement the agreed checklist content in the appropriate PR template files. Keep changes small, readable, and easy to maintain.

Checklist

  • Add accessibility checklist content to the default PR template if appropriate
  • Add security checklist content to the default PR template if appropriate
  • Update additional PR templates only where justified
  • Keep wording concise and reviewer-friendly
  • Avoid unnecessary duplication across templates

Align supporting docs

Update any related docs so that guidance in templates and documentation stays consistent. Supporting docs should reinforce the workflow without duplicating large sections of checklist content.

Checklist

  • Update related review docs if they reference PR expectations
  • Update contribution docs if needed
  • Ensure linked standards and guidance are consistent
  • Prefer cross-reference over repeating large checklist blocks

Review for duplication and maintenance overhead

Do a final pass to ensure the solution is proportionate, clear, and inexpensive to maintain over time.

Checklist

  • Remove or consolidate duplicate checklist wording
  • Confirm no conflicting guidance remains
  • Check that checklist items are still practical for contributors
  • Check that the approach does not add unnecessary process burden
  • Confirm the final change is easy to maintain as templates evolve

Dependencies

  • .github/pull_request_template.md
  • .github/PULL_REQUEST_TEMPLATE/
  • Any related review, contribution, or governance docs in .github
  • Existing org guidance in AGENTS.md and .github/custom-instructions.md

Additional Context

This should remain a single parent task. The work can be completed in small, focused changes, but the issue should capture the full scope so contributors can implement it without needing a separate planning issue.

The preferred outcome is a minimal, modular update that improves review quality without creating a heavy compliance process.


Definition of Ready (DoR)

  • Task described and scoped
  • Estimate added if relevant

Definition of Done (DoD)

  • Task completed and documented
  • Changelog entry prepared for PR
  • PR uses correct branch prefix
    ---</issue_description>

<agent_instructions>Proceed with the audit work defined in this issue
#21</agent_instructions>

Comments on the Issue (you are @copilot in this section)

Copilot AI left a comment

Copilot wasn't able to review any files in this pull request.
