I saw #72 and #78 while doing some research and thought I would make the suggestion of adopting the open source tool MegaLinter as a GitHub Action. MegaLinter includes shellcheck (which is awesome!) as well as a configurable number of other linters, some of which support automatic fixing of encountered issues.
Installation is done by adding a file to the .github/workflows/ directory. The instructions are on the MegaLinter site.
The full version of MegaLinter is quite large, but there are subsets of linters (called "flavors"), one of which, called ci_light, is comparatively lightweight. It handles shell scripts (shellcheck and shfmt), some other file formats (not really necessary from what I see), plus some repository-level security scanners. The full suite of security scanners is available in the security flavor.
Here's an example of the workflow on one of my repos: https://github.com/wesley-dean-flexion/upload-sarif-to-defectdojo/blob/main/.github/workflows/megalinter.yml
...and here's a PR that MegaLinter scanned: wesley-dean/upload-sarif-to-defectdojo#148
All of that said, I'm happy to submit a PR for your review or show some other projects that use it.