feat: Add Repo Guardian templates to gh-aw-adoption skill

Adds ready-to-copy Repo Guardian workflow templates to the existing
gh-aw-adoption skill, and updates SKILL.md with setup instructions.

## Changes

**New files in `.claude/skills/gh-aw-adoption/`:**
- `repo-guardian.md` — gh-aw agentic workflow template (AI agent prompt
  that reviews PRs for ephemeral content: meeting notes, temp scripts,
  point-in-time documents). Adapted from cybergym production workflow.
- `repo-guardian-gate.yml` — Standard GitHub Actions enforcement gate
  that makes Repo Guardian a blocking CI check

**Updated `.claude/skills/gh-aw-adoption/SKILL.md`:**
- Added "Repo Guardian: Featured First Workflow" section with what it
  does, template locations, and quick 4-step setup instructions
- Added `repo-guardian.md` to the Security & Compliance workflow list

## What Repo Guardian Does

Reviews every PR for ephemeral content that doesn't belong in the repo:
- Meeting notes, sprint retrospectives, status updates
- Temporary scripts (fix-thing.sh, one-off-migration.py)
- Point-in-time documents that will become stale

Two-workflow architecture:
1. repo-guardian.md: AI agent reviews PR, posts one comment (safe-outputs max:1)
2. repo-guardian-gate.yml: Enforces findings as blocking CI check

Requires COPILOT_GITHUB_TOKEN secret (PAT with read:org + repo scopes).
Override: add PR comment `repo-guardian:override <reason>`.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

Author: Ubuntu

.claude/skills/gh-aw-adoption/SKILL.md

@@ -286,12 +286,57 @@ Before using this skill, ensure:
 4. **Authentication**: GitHub token with appropriate scopes
 5. **Optional: Integration branch**: For staging workflow changes before main
 
+## Repo Guardian: Featured First Workflow
+
+**Repo Guardian** is the recommended first workflow to adopt in any repository. Ready-to-copy
+templates are included in this skill directory:
+
+- **`repo-guardian.md`** — The gh-aw agentic workflow (natural language prompt for the AI agent)
+- **`repo-guardian-gate.yml`** — Standard GitHub Actions workflow that enforces agent findings as a blocking CI check
+
+### What It Does
+
+Reviews every PR for **ephemeral content that doesn't belong in the repo**:
+
+- Meeting notes, sprint retrospectives, status updates
+- Temporary scripts (`fix-thing.sh`, `one-off-migration.py`)
+- Point-in-time documents that will become stale
+- Files with date prefixes suggesting snapshots
+
+Posts a PR comment with findings. Collaborators can override with `repo-guardian:override <reason>`.
+
+### Quick Setup
+
+```bash
+# 1. Copy templates
+mkdir -p .github/workflows
+cp .claude/skills/gh-aw-adoption/repo-guardian.md .github/workflows/repo-guardian.md
+cp .claude/skills/gh-aw-adoption/repo-guardian-gate.yml .github/workflows/repo-guardian-gate.yml
+
+# 2. Compile the agentic workflow (pins the gh-aw version)
+cd .github/workflows
+gh aw compile repo-guardian
+
+# 3. Add COPILOT_GITHUB_TOKEN secret (PAT with read:org + repo scopes)
+# Repository Settings → Secrets and variables → Actions → New repository secret
+
+# 4. Commit and push all three files
+git add .github/workflows/repo-guardian.md \
+        .github/workflows/repo-guardian.lock.yml \
+        .github/workflows/repo-guardian-gate.yml
+git commit -m "feat: Add Repo Guardian agentic workflow"
+git push
+```
+
+---
+
 ## Common Workflows to Adopt
 
 Based on analysis of 100+ workflows in the gh-aw repository, these are high-impact workflows to consider:
 
 **Security & Compliance** (High Priority):
 
+- `repo-guardian.md` - Block PRs containing ephemeral content (included as template — see above)
 - `secret-validation.md` - Monitor secrets for expiration and leaks
 - `container-security-scanning.md` - Scan container images for vulnerabilities
 - `license-compliance.md` - Verify dependency licenses