Open
Description
bottlerocket-os/bottlerocket-core-kit#381 highlights a need for linting of Bottlerocket Security Advisories (BRSAs) to enforce that advisory content is strictly ASCII characters.
BRSAs are the source of Bottlerocket's updateinfo.xml. If a BRSA encodes special characters, then the encoding of those characters to XML may result in malformed updates in updateinfo.xml. For example, text copied directly from https://nvidia.custhelp.com/app/answers/detail/a_id/5616 for CVE-2025-23359 uses a special "non-breaking hyphen" character for hyphens, which resulted in encodings CVE‑2025‑23359 instead of using a normal "-".
Something like bottlerocket-os/bottlerocket-core-kit#381 (comment)
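```sh
# Run the check only if the advisories directory can be searched
if find advisories -name '*.toml' -type f >/dev/null 2>&1 ; then
  # C locale so that grep -P matches raw bytes instead of decoded characters
  export LC_ALL=C
  # List every advisory file that contains a byte outside the ASCII range
  if grep --include '*.toml' -R -l -P '[\x80-\xFF]' advisories ; then
    echo "error: found non-ASCII characters in advisories" >&2
    exit 1
  fi
fi
```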
may do the trick
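
An added example, not part of the original issue or of Bottlerocket's tooling: a lint that reports each non-ASCII character by file, line, column and Unicode name, and shows how such text looks once written as ASCII XML character references. The sample advisory text and its key names are constructed and hypothetical; only the `advisories` directory name comes from the snippet above.

```python
import sys
import unicodedata
from pathlib import Path

# Constructed sample; the key names are hypothetical, not the BRSA schema.
SAMPLE = 'title = "CVE\u20112025\u201123359"\nseverity = "high"\n'


def find_non_ascii(text):
    """Return (line, column, codepoint, name) for each non-ASCII character."""
    findings = []
    # Split on "\n" only: str.splitlines() would swallow non-ASCII line
    # separators such as U+2028 instead of reporting them.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 0x7F:
                name = unicodedata.name(ch, "UNNAMED")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
    return findings


def xml_ascii_form(text):
    """Show text as ASCII XML output would carry it (character references)."""
    return text.encode("ascii", "xmlcharrefreplace").decode("ascii")


def lint_tree(root):
    """Scan *.toml under root; return {path: findings} for offending files."""
    report = {}
    for path in sorted(Path(root).rglob("*.toml")):
        # Invalid UTF-8 decodes to U+FFFD, which is non-ASCII and also flagged.
        text = path.read_bytes().decode("utf-8", errors="replace")
        findings = find_non_ascii(text)
        if findings:
            report[str(path)] = findings
    return report


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "advisories"
    report = lint_tree(root)
    for path, findings in report.items():
        for lineno, col, cp, name in findings:
            print(f"{path}:{lineno}:{col}: non-ASCII {cp} {name}", file=sys.stderr)
    sys.exit(1 if report else 0)
```

Run against a checkout, it exits non-zero when any advisory contains a non-ASCII character, so it can gate a build the same way the grep check does.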