diff --git a/pkg/workflow/expression_validation.go b/pkg/workflow/expression_validation.go
index 590ca8379ad..d8bdabd39bf 100644
--- a/pkg/workflow/expression_validation.go
+++ b/pkg/workflow/expression_validation.go
@@ -77,6 +77,10 @@ var (
 stringLiteralRegex = regexp.MustCompile(`^'[^']*'$|^"[^"]*"$|^` + "`[^`]*`$")
 // numberLiteralRegex matches integer and decimal number literals (with optional leading minus)
 numberLiteralRegex = regexp.MustCompile(`^-?\d+(\.\d+)?$`)
+ // exprPartSplitRe splits expression strings on dot and bracket characters
+ exprPartSplitRe = regexp.MustCompile(`[.\[\]]+`)
+ // exprNumericPartRe matches purely numeric expression parts (array indices)
+ exprNumericPartRe = regexp.MustCompile(`^\d+$`)
 )
 // validateExpressionSafety checks that all GitHub Actions expressions in the markdown content
@@ -209,11 +213,11 @@ func validateExpressionForDangerousProps(expression string) error {
 // Split expression into parts handling both dot notation (e.g., "github.event.issue")
 // and bracket notation (e.g., "release.assets[0].id")
 // Filter out numeric indices (e.g., "0" in "assets[0]")
- parts := regexp.MustCompile(`[.\[\]]+`).Split(trimmed, -1)
+ parts := exprPartSplitRe.Split(trimmed, -1)
 for _, part := range parts {
 // Skip empty parts and numeric indices
- if part == "" || regexp.MustCompile(`^\d+$`).MatchString(part) {
+ if part == "" || exprNumericPartRe.MatchString(part) {
 continue
 }
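Review bot: The two new package-level regexes added to the `var` block use a `Re` suffix (`exprPartSplitRe`, `exprNumericPartRe`) while the declarations right above them use `Regex` (`stringLiteralRegex`, `numberLiteralRegex`), so the block now mixes two naming conventions for the same kind of value. Renaming to `exprPartSplitRegex` and `exprNumericPartRegex` here and at the two call sites in the validateExpressionForDangerousProps hunk would keep it consistent. The hoisting itself looks behaviour-preserving, since both patterns are byte-identical to the inline `regexp.MustCompile` literals they replace and now compile once instead of on every call and every loop iteration. The second hunk is cut off before the end of validateExpressionForDangerousProps' body, so the rest of that function was not reviewed.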