feat: add review-renovate agent skill #306

Merged
backnotprop merged 1 commit into main from feat/review-renovate-skill
Mar 16, 2026

@backnotprop
Owner

Summary

  • Adds a review-renovate skill at .agents/skills/review-renovate/SKILL.md following the open agent skills standard
  • Codifies the supply chain review process for Renovate PRs that update GitHub Actions
  • Agent-agnostic — works with Claude Code, Codex, or any agent supporting the spec

What the skill does

  1. Confirms PR author is Renovate bot
  2. Extracts all action version changes from the diff
  3. Verifies every pinned commit SHA (old and new) against upstream tagged releases via GitHub API
  4. Reviews changelogs for breaking changes
  5. Checks workflow files for compatibility
  6. Reports a clear safe/unsafe merge recommendation

Test plan

  • Invoke skill against a Renovate PR and verify it produces the expected summary table
  • Confirm SHA verification catches a tampered hash

🤖 Generated with Claude Code

Adds an agent-agnostic skill that reviews Renovate PRs updating GitHub
Actions — verifies pinned SHA integrity against upstream tags, checks
for breaking changes, and confirms workflow compatibility.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@backnotprop backnotprop merged commit 789f5ea into main Mar 16, 2026
3 checks passed
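
An added example, not part of the PR or the skill's own code: steps 2 and 3 of the process in the PR description, extracting `uses:` pins from a Renovate diff and checking each SHA against the commit its version comment names. The function names, the `resolve_tag` callback and all sample SHAs and versions are assumptions constructed for illustration; the dictionary stands in for the GitHub API lookup so the check runs offline.

```python
import re

# One added/removed workflow line: "+  - uses: owner/repo[/path]@<ref> # <tag>"
USES_RE = re.compile(r"^(?P<sign>[+-])\s*(?:-\s*)?uses:\s*(?P<action>[\w.-]+/[\w./-]+)"
                     r"@(?P<ref>\S+)(?:\s+#\s*(?P<tag>\S+))?\s*$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def extract_pins(diff_text):
    """Return (side, action, ref, tag) for every changed `uses:` line in a diff."""
    pins = []
    for line in diff_text.splitlines():
        if line.startswith(("+++", "---")):
            continue  # file headers, not content
        m = USES_RE.match(line)
        if m:
            pins.append(("new" if m["sign"] == "+" else "old",
                         m["action"], m["ref"], m["tag"]))
    return pins

def verify_pins(pins, resolve_tag):
    """Compare each pinned SHA with the commit its version comment names upstream."""
    results = []
    for side, action, ref, tag in pins:
        repo = "/".join(action.split("/")[:2])  # drop sub-paths such as /init
        if not FULL_SHA_RE.match(ref):
            verdict = "UNPINNED"        # mutable tag/branch or abbreviated SHA
        elif tag is None:
            verdict = "NO_TAG_COMMENT"  # nothing to check the SHA against
        else:
            upstream = resolve_tag(repo, tag)  # hypothetical callback: tag -> commit SHA
            verdict = ("TAG_NOT_FOUND" if upstream is None
                       else "OK" if upstream == ref else "MISMATCH")
        results.append((side, action, tag, verdict))
    return results

def safe_to_merge(results):
    return bool(results) and all(r[3] == "OK" for r in results)

# Constructed sample data: SHAs, versions and the tag map are placeholders.
OLD, NEW, BAD, REAL = "1" * 40, "2" * 40, "3" * 40, "4" * 40
SAMPLE_DIFF = f"""--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
-      - uses: actions/checkout@{OLD} # v4.1.0
+      - uses: actions/checkout@{NEW} # v4.2.0
-      - uses: actions/setup-node@{OLD} # v4.0.0
+      - uses: actions/setup-node@{BAD} # v4.1.0
"""
UPSTREAM = {("actions/checkout", "v4.1.0"): OLD, ("actions/checkout", "v4.2.0"): NEW,
            ("actions/setup-node", "v4.0.0"): OLD, ("actions/setup-node", "v4.1.0"): REAL}
```

Calling `verify_pins(extract_pins(SAMPLE_DIFF), lambda r, t: UPSTREAM.get((r, t)))` flags the new `actions/setup-node` pin as `MISMATCH`, which is the tampered-hash case from the test plan.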