Workflow Skill Extractor Report — 2026-04-02

[github-actions[bot]]

🎯 Executive Summary

This report analyzes all 179 agentic workflows in .github/workflows/ to identify opportunities for extracting reusable shared components. The analysis found 3 high-impact skill candidates not yet covered by any of the existing 65 shared components. Implementing all 3 recommendations would eliminate an estimated 590–680 lines of duplicated configuration across 71 unique workflows.

The most significant finding is a daily audit discussion pattern present in 44 workflows that all independently repeat an identical safe-outputs block. A parametrized shared component for this pattern alone would save ~400 lines and create a single authoritative source for audit discussion hygiene.

Key Statistics:

• Total workflows analyzed: 179
• Existing shared components: 65
• Most-imported shared component: shared/reporting.md (97 imports)
• Skills identified: 3 (all high/medium priority)
• Estimated total lines saved: ~590–680 lines
• Actionable issues created: 3

---

📊 Analysis Overview

Existing Shared Components — Adoption

The current shared components are well-adopted. Top imports:

Component	# Imports
shared/reporting.md	97
shared/mcp/serena-go.md	21
shared/jqschema.md	17
shared/activation-app.md	11
shared/python-dataviz.md	8
shared/trending-charts-simple.md	6
shared/gh.md	6
shared/mcp/tavily.md	5
shared/github-queries-mcp-script.md	5
shared/copilot-pr-analysis-base.md	4

Engine Distribution (Daily/Weekly workflows)

• copilot: 36 workflows
• claude: 10 workflows
• codex: 2 workflows

---

🔍 Identified Skills

High Priority Skills

1. Daily Audit Discussion Configuration

• Frequency: 44 workflows (25% of all workflows)
• Size: ~8–10 lines per workflow = ~400 lines total
• Priority: High
• Description: Every daily/weekly report workflow independently declares the same safe-outputs block for creating discussions under the "audits" category with close-older-discussions: true and max: 1. The only variation is title-prefix and expires (1d vs 3d).
• Workflows: agentic-observability-kit, audit-workflows, blog-auditor, claude-code-user-docs-review, copilot-agent-analysis, copilot-pr-merged-report, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, daily-code-metrics, daily-compiler-quality, daily-copilot-token-report, daily-firewall-report, daily-integrity-analysis, daily-issues-report, daily-observability-report, daily-performance-summary, daily-regulatory, daily-secrets-analysis, daily-team-evolution-insights, deep-report, delight, developer-docs-consolidator, docs-noob-tester, example-workflow-analyzer, github-mcp-structural-analysis, github-mcp-tools-report, go-fan, issue-arborist, lockfile-stats, mcp-inspector, poem-bot, portfolio-analyst, prompt-clustering-analysis, repo-audit-analyzer, repository-quality-improver, safe-output-health, schema-consistency-checker, sergo, terminal-stylist, typist, weekly-issue-summary, and others.
• Recommendation: Extract to shared/daily-audit-discussion.md with import-schema parameters for title-prefix and expires

2. Standard Repo-Memory Configuration

• Frequency: 20 workflows
• Size: ~7–8 lines per workflow = ~150 lines total
• Priority: High
• Description: 20 workflows use nearly identical repo-memory configuration with branch-name: memory/<slug>, four standard file-glob extensions (json, jsonl, csv, md), and max-file-size: 102400. Only branch-name and description vary.
• Workflows: agent-performance-analyzer, audit-workflows, code-scanning-fixer, copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, daily-cli-performance, daily-copilot-token-report, daily-news, daily-testify-uber-super-expert, deep-report, delight, discussion-task-miner, firewall-escape, metrics-collector, pr-triage-agent, security-compliance, workflow-health-manager
• Recommendation: Extract to shared/repo-memory-standard.md with import-schema for branch-name and description

Medium Priority Skills

3. Go Source Code Analysis Tools Bundle

• Frequency: 7+ workflows
• Size: ~8–10 bash permission lines + prompt instructions per workflow
• Priority: Medium
• Description: Multiple Go code quality workflows independently re-declare the same bash allowlist for navigating Go sources (find pkg, wc -l pkg/**/*.go, grep -r 'func ', etc.) alongside imports of shared/mcp/serena-go.md and shared/reporting.md. The prompt instructions for Serena activation and Go analysis constraints are also near-identical.
• Workflows: daily-function-namer, duplicate-code-detector, semantic-function-refactor, daily-file-diet, daily-compiler-quality, go-fan, daily-testify-uber-super-expert
• Recommendation: Extract to shared/go-source-analysis.md bundling serena-go + bash perms + standard instructions

---

💡 Detailed Recommendations

Recommendation 1: Daily Audit Discussion Configuration

Full Details

Current State — Example from daily-secrets-analysis.md:

safe-outputs:
  create-discussion:
    expires: 3d
    category: "audits"
    title-prefix: "[daily secrets] "
    max: 1
    close-older-discussions: true

Proposed shared/daily-audit-discussion.md:

---
import-schema:
  title-prefix:
    type: string
    required: true
  expires:
    type: string
    default: "3d"
  upload-asset:
    type: boolean
    default: false

safe-outputs:
  upload-asset: $\{\{ github.aw.import-inputs.upload-asset }}
  create-discussion:
    expires: $\{\{ github.aw.import-inputs.expires }}
    category: "audits"
    title-prefix: $\{\{ github.aw.import-inputs.title-prefix }}
    max: 1
    close-older-discussions: true
  close-discussion:
    max: 10
---

After migration:

imports:
  - uses: shared/daily-audit-discussion.md
    with:
      title-prefix: "[daily secrets] "
      expires: 3d

Impact:

• Lines saved: ~400 across 44 workflows
• Maintenance: Centralized audit policy — change expiry or category once for all
• New workflows automatically get correct close-older-discussions behavior

Recommendation 2: Standard Repo-Memory Configuration

Full Details

Current State — Example from copilot-pr-nlp-analysis.md:

tools:
  repo-memory:
    branch-name: memory/nlp-analysis
    description: "Historical NLP analysis results"
    file-glob:
      - "memory/nlp-analysis/*.json"
      - "memory/nlp-analysis/*.jsonl"
      - "memory/nlp-analysis/*.csv"
      - "memory/nlp-analysis/*.md"
    max-file-size: 102400  # 100KB

Proposed shared/repo-memory-standard.md:

---
import-schema:
  branch-name:
    type: string
    required: true
  description:
    type: string
    required: true
  max-file-size:
    type: integer
    default: 102400

tools:
  repo-memory:
    branch-name: $\{\{ github.aw.import-inputs.branch-name }}
    description: $\{\{ github.aw.import-inputs.description }}
    file-glob:
      - "$\{\{ github.aw.import-inputs.branch-name }}/*.json"
      - "$\{\{ github.aw.import-inputs.branch-name }}/*.jsonl"
      - "$\{\{ github.aw.import-inputs.branch-name }}/*.csv"
      - "$\{\{ github.aw.import-inputs.branch-name }}/*.md"
    max-file-size: $\{\{ github.aw.import-inputs.max-file-size }}
---

After migration:

imports:
  - uses: shared/repo-memory-standard.md
    with:
      branch-name: "memory/nlp-analysis"
      description: "Historical NLP analysis results"

Impact:

• Lines saved: ~150 across 20 workflows
• Ensures consistent file-glob extensions (prevents drift where some workflows miss .jsonl)

Recommendation 3: Go Source Code Analysis Bundle

Full Details

Current State — Common bash permissions block (repeated in 7+ workflows):

imports:
  - shared/mcp/serena-go.md
  - shared/reporting.md

tools:
  bash:
    - "find pkg -name '*.go' ! -name '*_test.go' -type f"
    - "find pkg -type f -name '*.go' ! -name '*_test.go'"
    - "find pkg/ -maxdepth 1 -ls"
    - "find pkg/workflow/ -maxdepth 1 -ls"
    - "wc -l pkg/**/*.go"
    - "head -n * pkg/**/*.go"
    - "grep -r 'func ' pkg --include='*.go'"
    - "cat pkg/**/*.go"

Proposed shared/go-source-analysis.md:

---
imports:
  - shared/mcp/serena-go.md
  - shared/reporting.md

tools:
  bash:
    - "find pkg -name '*.go' ! -name '*_test.go' -type f"
    - "find pkg -type f -name '*.go' ! -name '*_test.go'"
    - "find pkg/ -maxdepth 1 -ls"
    - "find pkg/workflow/ -maxdepth 1 -ls"
    - "wc -l pkg/**/*.go"
    - "head -n * pkg/**/*.go"
    - "grep -r 'func ' pkg --include='*.go'"
    - "cat pkg/**/*.go"
---

## Go Source Code Analysis Setup

[Standard Serena activation instructions and Go analysis constraints]

After migration:

imports:
  - shared/go-source-analysis.md
  # Replaces separate imports of serena-go.md, reporting.md, and inline bash perms

Impact:

• Lines saved: ~50–80 across 7+ workflows
• Maintenance: Add new bash patterns (e.g., cmd/ directory) in one place

---

📈 Impact Analysis

By Category

Category	Skills	Est. Lines Saved	Workflows Affected
Configuration Skills	2 (audit + repo-memory)	~550	64 (some overlap)
Tool Configuration Skills	1 (go-source bundle)	~65	7+
Total	3	~590–680	71+

By Priority

Priority	Skills	Lines Saved	Workflows Affected
High	2	~550	44 + 20
Medium	1	~65	7+

---

✅ Created Issues

This analysis has created the following actionable issues:

1. [refactoring] Extract daily audit discussion configuration into shared component #24074: Extract daily audit discussion configuration into shared component (44 workflows, ~400 lines)
2. [refactoring] Extract standard repo-memory configuration into parametrized shared component #24076: Extract standard repo-memory configuration into parametrized shared component (20 workflows, ~150 lines)
3. [refactoring] Extract Go source code analysis tools bundle into shared component #24077: Extract Go source code analysis tools bundle into shared component (7+ workflows, ~65 lines)

---

🎯 Next Steps

1. Review the 3 created issues and prioritize implementation
2. Implement shared/daily-audit-discussion.md first (highest ROI — 44 workflows)
3. Implement shared/repo-memory-standard.md (20 workflows)
4. Implement shared/go-source-analysis.md (7+ workflows)
5. Schedule next extractor run in 1 month to catch new patterns

---

📚 Methodology

• Analyzed: 179 workflow files
• Reviewed existing: 65 shared components
• Deep-sampled: ~30 representative workflows in detail
• Pattern detection: grep/bash analysis for configuration blocks, import usage, safe-outputs patterns
• Prioritized: frequency × lines-saved ÷ extraction complexity

Analysis Date: 2026-04-02
Analyzer: Workflow Skill Extractor v1.0
Workflow Run: §23898174018

References:

• Workflow run §23898174018

AI generated by Workflow Skill Extractor · history

• expires on Apr 9, 2026, 11:40 AM UTC

[github-actions[bot]]

🤖 The smoke test agent was here! Beep boop, systems operational. 👋 Just passing through to verify all the agentic machinery is humming along nicely. Nothing to see here... or is there? 🔍✨

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions[bot]]

---

Warning

The push_to_pull_request_branch operation failed: Cannot push to pull request branch: patch modifies files outside the allowed-files list (smoke-test-23898592679.md). Add the files to the allowed-files configuration field or remove them from the patch.. The code changes were not applied.

💥 WHOOSH! The smoke test agent has ARRIVED! 🦸

ZAP! Claude engine verified nominal — all systems GO!

POW! Run §23898592679 swooped through this discussion like a caped crusader on patrol.

"With great agentic power comes great smoke-tested responsibility." 🕷️✨

💥 [THE END] — Illustrated by Smoke Claude · ◷