[task] Add graceful artifact handling for missing agent outputs

[github-actions]

Objective

Improve safe output job error handling when agent_output.json artifacts are missing due to upstream agent job failures. Jobs should skip gracefully instead of failing with confusing error messages.

Context

Safe output health analysis shows 4 occurrences where safe output jobs fail because the agent job didn't produce the expected artifact. Current behavior shows unclear errors like "ENOENT: no such file or directory". These are upstream failures, not safe output failures, but they're counted as safe output job failures.

Related to discussion #2532 (Safe Output Health Report).

Approach

1. Locate safe output job step definitions in workflow compiler (likely in pkg/workflow/ Go files)
2. Add artifact existence check before download attempt:
   • Use GitHub Actions conditional execution
   • Check if agent job succeeded before trying artifact download
3. Improve error messaging:
   • Distinguish between "agent failed" and "safe output failed"
   • Provide clear guidance when artifact is missing
4. Modify job status logic:
   • Use "skipped" status instead of "failed" when artifact missing
   • Preserve "failed" status only for actual safe output job failures

Files to Modify

• pkg/workflow/*_engine.go (safe output job generation)
• pkg/workflow/js/*.cjs (safe output job scripts that download artifacts)
• Possibly workflow template generation code

Acceptance Criteria

• Safe output jobs check for agent job success before executing
• Clear error message indicates "upstream agent failure" when artifact missing
• Jobs are marked "skipped" (not "failed") when artifact is missing due to agent failure
• Test with smoke test workflows that have known agent failures
• Health reports correctly distinguish safe output failures from upstream failures
  Related to 🏥 Safe Output Health Report - October 26, 2025 #2532

AI generated by Plan Command for discussion #2532