feat: add automated skill review GitHub Action

[rohan-tessl]

Hey @csharpfritz 👋

Following up on #501 — you mentioned wanting to do an inventory of all the skills in this project and keep them current. This adds a GitHub Action that automatically reviews any SKILL.md file changed in a PR, so you get quality feedback without having to remember to run it manually.

What it does

Any PR that touches a SKILL.md file will automatically get a review comment with scores and detailed feedback from tessl skill review. No Tessl account or API token needed — it runs the CLI locally and only uses the GitHub-provided GITHUB_TOKEN to post comments.

optionally, you can enable optimize mode by adding a token as TESSL_API_TOKEN in your repo secrets. when enabled, the action suggests improvements you can accept by commenting /apply-optimize. this means that it gives you and your contributors an instant quality signal before you have to review yourself.

Example output

When a PR modifies a skill, you'll see a comment like:

Skill Review Results

Skill	Score
component-development	94% ✅

Detailed feedback for each skill...

Optional: quality gate

If you want to enforce a minimum score, you can add fail-threshold:

- uses: tesslio/skill-review@main
  with:
    fail-threshold: 70

PRs with any skill scoring below 70% would fail the check. The default is 0 (never fails — just informational).

Changes

• Added .github/workflows/skill-review.yml — a single lightweight workflow file

Honest disclosure — I work at @tesslio where we build tooling around skills like these. Not a pitch - just saw room for improvement and wanted to contribute.

Want to self-improve your skills? Just point your agent (Claude Code, Codex, etc.) at this Tessl guide and ask it to optimize your skill. Ping me - @rohan-tessl - if you hit any snags.

Thanks in advance 🙏

[csharpfritz]

That's very kind! I'll review and discuss this PR on my Thursday livestream.

[csharpfritz]

I have some concerns about you making changes to my skills and getting read and write access to the repository with a container that I'm not familiar with.

[rohan-tessl]

I have some concerns about you making changes to my skills and getting read and write access to the repository with a container that I'm not familiar with.

Thanks for flagging that it's a fair concern and worth addressing clearly.

Just to clear up the container point first: the action doesn't use Docker or a container at all. It's a standard GitHub Action that runs directly on the runner, downloads the Tessl CLI binary, runs tessl skill review against any changed SKILL.md files, and posts a comment with the score. The full source is open if you want to audit it: https://github.com/tesslio/skill-review/blob/main/action.yml

On the write access question - the write in the permissions block is specifically pull-requests: write, which is only there to post a comment. The contents permission is read. It can't push, modify, or delete anything in the repository:

permissions:
  pull-requests: write
  contents: read

No signup or tokens required for the core functionality.

Also, I'd be happy to join your Thursday livestream, walk through how it works, and chat about the broader idea of improving skills and steering agents - could make for a useful segment if that feels relevant. Just say the word!

[fernandezbaptiste]

hey @csharpfritz 👋 i'm bap - colleague of @rohan-tessl's. caught your livestream review of #501, really appreciated how thoroughly you walked through the changes!

on the security concern here - Rohan addressed it above but the tldr: no container, no write access to code. the action runs the CLI on the runner and posts a PR comment via the standard GITHUB_TOKEN. happy to clarify anything else.

separately, we ran some scenario-based task evals on your blazor-eventcallback-aliases skill to see how the skill holds up against real agent tasks - here's a couple of examples:

scenario	without skill	with skill
Event attribute preserved	0%	100%
Handler signature updated	20%	100%
No System.Web.UI.Page base class	50%	100%

these are scenarios we put together, you can see the full evals results here. This means that if you want to create your own evaluation scenarios to pressure-test your skills against the tasks that matter most to you and your contributors, these are the kinds of tests you can run.

no action needed - just thought you'd find it useful.