Run MCP smoke tests with AI CLI tools

[mneudert]

Description

Please include a description of this change and which issue it fixes. If no issue exists yet please include context and what problem it solves.

Checklist

• [✔] I have understood, reviewed, and tested all AI outputs before use
• [✔] All AI instructions respect security, IP, and privacy rules

Review

• Functional review done
• Potential edge cases thought about (behaviour of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
• Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
• Security review done
• Wording review done
• Code review done
• Tests were added if useful/possible
• Reviewed for breaking changes
• Developer changelog updated if needed
• New documentation added or existing documentation updated

[aikido-pr-checks]

Template Injection in GitHub Workflows Action - critical severity
A GitHub Actions workflow step contains a template expression referencing potentially untrusted GitHub context fields. This may allow malicious input to be injected into shell commands, leading to a potential supply chain attack as tokens of the CI/CD pipeline could be exfiltrated.

Show fix

Suggested change

	run: |
	set -euo pipefail
	RESULTS_FILE="${{ inputs.artifact_dir }}/results.json"
	{
	echo "## ${{ inputs.provider_label }} Smoke"
	echo
	echo "- job result: ${{ inputs.job_status }}"
	} >> "$GITHUB_STEP_SUMMARY"
	if [ ! -f "$RESULTS_FILE" ]; then
	env:
	ARTIFACT_DIR: ${{ inputs.artifact_dir }}
	PROVIDER_LABEL: ${{ inputs.provider_label }}
	JOB_STATUS: ${{ inputs.job_status }}
	run: |
	set -euo pipefail
	RESULTS_FILE="$ARTIFACT_DIR/results.json"
	{
	echo "## $PROVIDER_LABEL Smoke"
	echo
	echo "- job result: $JOB_STATUS"
	} >> "$GITHUB_STEP_SUMMARY"
	if [ ! -f "$RESULTS_FILE" ]; then

_{More info}