PR review agent: make eval-risk approval policy repo-specific

[enyst]

Moves the eval/benchmark-risk approval policy out of the global PR review prompt (used by the pr-review GitHub Action across repos) and into this repository's code-review skill (.agents/skills/custom-codereview-guide.md).

This keeps the action prompt generic for downstream repos while still enforcing the policy for OpenHands/software-agent-sdk.

---

Agent Server images for this PR

• GHCR package: https://github.com/OpenHands/agent-sdk/pkgs/container/agent-server

Variants & Base Images

Variant	Architectures	Base Image	Docs / Tags
java	amd64, arm64	eclipse-temurin:17-jdk	Link
python	amd64, arm64	nikolaik/python-nodejs:python3.12-nodejs22	Link
golang	amd64, arm64	golang:1.21-bookworm	Link

Pull (multi-arch manifest)

# Each variant is a multi-arch manifest supporting both amd64 and arm64
docker pull ghcr.io/openhands/agent-server:540a868-python

Run

docker run -it --rm \
  -p 8000:8000 \
  --name agent-server-540a868-python \
  ghcr.io/openhands/agent-server:540a868-python

All tags pushed for this build

ghcr.io/openhands/agent-server:540a868-golang-amd64
ghcr.io/openhands/agent-server:540a868-golang_tag_1.21-bookworm-amd64
ghcr.io/openhands/agent-server:540a868-golang-arm64
ghcr.io/openhands/agent-server:540a868-golang_tag_1.21-bookworm-arm64
ghcr.io/openhands/agent-server:540a868-java-amd64
ghcr.io/openhands/agent-server:540a868-eclipse-temurin_tag_17-jdk-amd64
ghcr.io/openhands/agent-server:540a868-java-arm64
ghcr.io/openhands/agent-server:540a868-eclipse-temurin_tag_17-jdk-arm64
ghcr.io/openhands/agent-server:540a868-python-amd64
ghcr.io/openhands/agent-server:540a868-nikolaik_s_python-nodejs_tag_python3.12-nodejs22-amd64
ghcr.io/openhands/agent-server:540a868-python-arm64
ghcr.io/openhands/agent-server:540a868-nikolaik_s_python-nodejs_tag_python3.12-nodejs22-arm64
ghcr.io/openhands/agent-server:540a868-golang
ghcr.io/openhands/agent-server:540a868-java
ghcr.io/openhands/agent-server:540a868-python

About Multi-Architecture Support

• Each variant tag (e.g., 540a868-python) is a multi-arch manifest supporting both amd64 and arm64
• Docker automatically pulls the correct architecture for your platform
• Individual architecture tags (e.g., 540a868-python-amd64) are also available if needed

[github-actions]

API breakage checks (Griffe)

Result: Failed

Log excerpt (first 1000 characters)

============================================================
Checking openhands-sdk (openhands.sdk)
============================================================
Comparing openhands-sdk 1.11.5 against 1.11.4
::notice title=openhands-sdk API::Ignoring Field metadata-only change (non-breaking): load_public_skills
No breaking changes detected

============================================================
Checking openhands-workspace (openhands.workspace)
============================================================
Comparing openhands-workspace 1.11.5 against 1.11.4
::warning file=openhands-workspace/openhands/workspace/docker/dev_workspace.py,line=33,title=DockerDevWorkspace.server_image::Attribute value was changed: `Field(default='ghcr.io/openhands/agent-server:latest-python', description='Pre-built agent server image to use.')` -> `Field(default=None, description='Pre-built agent server image. Mutually exclusive with base_image.')`
::error title=SemVer::Breaking changes detected (1); re

Action log

[github-actions]

Agent server REST API breakage checks (OpenAPI)

Result: Passed

Action log

[all-hands-bot]

LGTM! ✅

Clean refactoring that correctly separates repo-specific policy from generic example template. The eval-risk approval policy now lives in the right place (.agents/skills/custom-codereview-guide.md) while keeping the example prompt generic for downstream repos.

Minor improvements in clarity ("plausibly affect", "COMMENT review") are nice touches. No issues found.