agentic-workflow-designer
Conversational skill that interviews users to design new agentic workflows
| name | agentic-workflow-designer |
| description | Conversational skill that interviews users to design new agentic workflows |
| disable-model-invocation | true |
Use this skill to run a structured interview with users who know their goal but not the workflow syntax yet, then generate one complete workflow .md file.
Use this before .github/aw/create-agentic-workflow.md when requirements are unclear or incomplete.
- skills/agentic-workflow-designer/SKILL.md to discover and confirm requirements.
- .github/aw/create-agentic-workflow.md once requirements are clear and ready for implementation.
- .github/aw/agentic-chat.md when the user wants a specification/pseudo-code instead of a runnable workflow file.

Ask one question at a time. Move to the next phase only after the current phase is clear.
Ask: "What do you want to automate?"
Capture:
Ask: "When should this run?"
Follow up only if needed:
Map to the on: block.
Ask:
Map to:
- permissions: (keep read-only for agent job)
- tools:
- safe-outputs:

Ask:
Capture:
- steps: should pre-fetch GitHub data with gh + jq
- /tmp/gh-aw/data/

Map to:
- steps:

Ask: "Should it block merging, just advise, or silently log?"
Capture:
Guide toward safe output behavior and explicit noop instructions.
Ask: "Does it need external APIs, web access, package installs, or MCP servers?"
Follow up:
Map to:
- network.allowed
- tools:
- secrets: / env: wiring for integration tokens
- engine.api-target and aw.json ghes: true (when applicable)

Ask only if ambiguous: "Any AI engine preference?"
If no preference, suggest default:
Map to engine: only when not default.
Present a structured summary and ask for approval before generation.

| User says... | Maps to |
|---|---|
| "when someone opens a PR" | on: pull_request: with types: [opened] |
| "when a PR is updated" | on: pull_request: with types: [opened, synchronize] |
| "every morning", "daily" | fuzzy schedule shorthand on: schedule: daily on weekdays (compiler expands to cron) |
| "every Monday", "weekly" | fuzzy schedule shorthand on: schedule: weekly (compiler expands to cron) |
| "when I say /review" | on: slash_command: with name: review (or requested command) |
| "when an issue is labeled bug" | on: issues: with types: [labeled] and label filter guidance |
| "run when label ai-review is added" | on: label_command: with name/names, optional event scoping, and label-as-command semantics |
| "run on PRs from forks" | on: pull_request: plus explicit forks: allowlist and fork security guardrails |
| "sometimes automatic, sometimes manual" | semi-active pattern: combine schedule/event triggers with workflow_dispatch |
| "manually", "on demand" | on: workflow_dispatch: |
| "when a deployment fails" | on: deployment_status: |
| "when another workflow finishes" | on: workflow_run: |

| User says... | Maps to |
|---|---|
| "post a comment" | add-comment |
| "create an issue" | create-issue |
| "update issue title/body" | update-issue |
| "close the issue" | close-issue |
| "assign someone", "remove assignment" | assign-to-user, unassign-from-user |
| "set issue type/field/milestone" | set-issue-type, set-issue-field, assign-milestone |
| "open a PR", "submit changes" | create-pull-request |
| "update PR description/title" | update-pull-request |
| "close the PR", "merge the PR" | close-pull-request, merge-pull-request |
| "mark PR ready", "sync PR branch" | mark-pull-request-as-ready-for-review, update-branch |
| "commit a fix to the PR branch" | push-to-pull-request-branch |
| "approve / request changes" | submit-pull-request-review |
| "inline review comment", "reply to review thread" | create-pull-request-review-comment, reply-to-pull-request-review-comment, resolve-pull-request-review-thread |
| "start or edit discussion", "close discussion" | create-discussion, update-discussion, close-discussion |
| "request reviewer", "hide comment" | add-reviewer, hide-comment |
| "create/update project", "project status update" | create-project, update-project, create-project-status-update |
| "update release", "upload release asset" | update-release, upload-asset |
| "create/auto-fix code scan alert" | create-code-scanning-alert, autofix-code-scanning-alert |
| "start an agent session", "assign to an agent" | create-agent-session, assign-to-agent |
| "store persistent memory comment" | comment-memory |
| "link a sub-issue" | link-sub-issue |
| "add labels", "remove labels" | add-labels, remove-labels |
| "nothing visible", "just analyze" | no safe outputs required |

| User says... | Maps to |
|---|---|
| "calls an external API" | ask for exact FQDN/wildcard, then add to network.allowed |
| "reads GitHub data / clones repos" | include github in network.allowed |
| "uses GitHub Actions artifacts or cache" | include github-actions in network.allowed |
| "installs npm packages" | include node in network.allowed |
| "runs pip install" | include python in network.allowed |
| "builds Go code" | include go in network.allowed |
| "installs gems / uses Bundler" | include ruby in network.allowed |
| "runs cargo build" | include rust in network.allowed |
| "uses NuGet / .NET restore" | include dotnet in network.allowed |
| "builds with Maven / Gradle" | include java in network.allowed |
| "uses Docker / pulls container images / pushes to GHCR" | include containers in network.allowed |
| "runs Playwright browser tests" | include playwright in network.allowed |
| "runs apt install / yum / apk" | include linux-distros in network.allowed |
| "uses Terraform / HashiCorp registry" | include terraform in network.allowed |
| "connects to localhost / loopback / local services" | include local in network.allowed |
| "uses Swift Package Manager" | include swift in network.allowed |
| "uses Composer / PHP packages" | include php in network.allowed |
| "uses pub.dev / Dart packages" | include dart in network.allowed |
| "uses Hackage / Haskell packages" | include haskell in network.allowed |
| "uses CPAN / Perl packages" | include perl in network.allowed |
| "serves or loads web fonts" | include fonts in network.allowed |
| "uses Deno or JSR packages" | include deno in network.allowed |
| "uses Elixir / Hex packages" | include elixir in network.allowed |
| "uses Bazel build" | include bazel in network.allowed |
| "uses R / CRAN packages" | include r in network.allowed |
| "no external access" | network.allowed: [defaults] (or [] if explicitly zero network) |

| User says... | Maps to |
|---|---|
| "read GitHub issues/PRs/workflows" | tools.github with mode: gh-proxy and minimal toolsets |
| "use full MCP server/tool definitions" | tools.github with mode: local |
| "use other MCP servers but keep token cost down" | tools.cli-proxy: true (hybrid CLI-proxy mode) |
| "edit files" | edit tool (default unless restricted) |
| "run commands/tests" | bash tool (default unless restricted) |
| "browse web pages/docs" | web-fetch and/or web-search |
| "test UI flows" | playwright |

| User says... | Recommended named pattern |
|---|---|
| "triage issues automatically" | IssueOps |
| "run on /commands with human approval loops" | ChatOps |
| "run every weekday and keep improving" | DailyOps |
| "monitor workflow failures and trends" | MonitorOps |
| "process a big backlog in chunks" | BatchOps |
| "run manually with input parameters" | DispatchOps |
| "apply a label-based workflow" | LabelOps |
| "operate across multiple repositories" | MultiRepoOps |
| "coordinate multiple sub-agents" | Orchestration |
| "manage project board items" | ProjectOps |
| "research, plan, and assign issues" | ResearchPlanAssignOps |
| "self-correcting / retry on failure" | CorrectionOps |
| "run in a side/fork repo" | SideRepoOps |
| "write a spec before implementing" | SpecOps |
| "A/B test workflow variants" | TrialOps |
| "process items from a queue" | WorkQueueOps |
| "deterministic, no LLM needed" | DeterministicOps |
| "manage from a central repo" | CentralRepoOps |
| "track work via GitHub Projects" | Monitoring with Projects |

When the user names a third-party service or MCP server:
Output format to use:
Integration auth setup:
- <service-or-mcp>: <purpose>
- Secrets to create: <SECRET_NAME>, <SECRET_NAME>
- Workflow env vars: <ENV_VAR>=${{ secrets.<SECRET_NAME> }}
- Required scopes/permissions: <least-privilege scopes>
Never suggest committing plaintext tokens.

| User says... | Maps to |
|---|---|
| "analyze PRs", "review issues", "check status" | add steps: that pre-fetch with gh + jq |
| "read the diff", "look at changed files" | add steps: using gh pr diff or gh pr view --json files |
| "search for patterns across repos" | add steps: using gh search + jq filters |
| "just respond to a comment" | no pre-fetch needed (event payload is enough) |
| "process each item individually" | suggest sub-agent pattern with model: small |

Apply these defaults unless the user explicitly asks otherwise:
- gh + jq in steps:, store compact JSON in /tmp/gh-aw/data/, and point the prompt to those files (see .github/aw/token-optimization.md for details).
- tools.github.mode: gh-proxy, include only required toolsets, and prefer bash + gh for simple reads.
- model: small.
- noop guidance, and stable instructions before dynamic content.
- that's it, looks good, generate it) and proceed to generation.

Use this exact structure:
📋 Proposed workflow:
- Name: <workflow-id>
- Trigger: <event + key options>
- Engine: <engine or default>
- Tools: <tool summary>
- Safe outputs: <list or none>
- Network: <allowed summary>
- Integrations/Auth: <service/mcp + required secrets/env vars>
- Deployment: <GitHub.com or GHEC/GHES details>
- Intent: <one-sentence task>
Then ask: "Ready to generate, or want to adjust anything?"
After confirmation, generate one workflow file using the same skeleton style as .github/aw/create-agentic-workflow.md.
```markdown
---
emoji: <emoji>
description: <brief description>
on:
  <trigger config>
permissions:
  contents: read
  issues: read
  pull-requests: read
tools:
  github:
    mode: gh-proxy
    toolsets: [default]
steps:
  - name: <optional data prefetch>
    run: |
      mkdir -p /tmp/gh-aw/data
      <gh + jq commands that produce compact JSON>
safe-outputs:
  <safe-output-types-if-needed>
network:
  allowed:
    - defaults
    - <additional entries if needed>
---

# <Workflow Name>

## Task

<clear instructions tied to trigger context>

If `steps:` includes pre-fetch commands, read the resulting `/tmp/gh-aw/data/*.json` files instead of broad live re-fetches.

## Safe Outputs

- Use configured safe outputs for all visible write actions.
- Call `noop` with a short reason when no action is needed.
```
Before final output, run this internal self-check:
- safe-outputs: covers every write action mentioned in prompt/instructions
- noop when no action is needed
- engine: copilot)
- steps: pre-fetches compact JSON (DataOps)
- tools.github.mode is gh-proxy unless broader MCP toolsets are explicitly needed
- engine.api-target and GHES compatibility guidance are included when needed

In-repo references:
- .github/aw/syntax.md (index → .github/aw/syntax-core.md, .github/aw/syntax-agentic.md, .github/aw/syntax-tools-imports.md)
- .github/aw/safe-outputs.md (index → .github/aw/safe-outputs-content.md, .github/aw/safe-outputs-management.md, .github/aw/safe-outputs-automation.md, .github/aw/safe-outputs-runtime.md)
- .github/aw/network.md
- .github/aw/patterns.md
- .github/aw/subagents.md
- .github/aw/token-optimization.md
- .github/aw/triggers.md
- .github/aw/create-agentic-workflow.md

Portable HTTPS references:
- https://github.com/github/gh-aw/blob/main/.github/aw/syntax.md (index → .../syntax-core.md, .../syntax-agentic.md, .../syntax-tools-imports.md)
- https://github.com/github/gh-aw/blob/main/.github/aw/safe-outputs.md (index → .../safe-outputs-content.md, .../safe-outputs-management.md, .../safe-outputs-automation.md, .../safe-outputs-runtime.md)
- https://github.com/github/gh-aw/blob/main/.github/aw/network.md
- https://github.com/github/gh-aw/blob/main/.github/aw/patterns.md
- https://github.com/github/gh-aw/blob/main/.github/aw/triggers.md
- https://github.com/github/gh-aw/blob/main/.github/aw/create-agentic-workflow.md
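
Part of the internal self-check (read-only agent permissions, no plaintext tokens, `noop` guidance whenever safe outputs are configured) can be run mechanically over a generated workflow file. The script below is an added example, not part of this skill or of the gh-aw project. The helper names `blocks` and `lint`, the sample workflow, the top-level `env:` placement and the credential-name heuristic are all assumptions made for illustration.

```python
import re

# Constructed sample workflow (not from the page) with three deliberate problems.
SAMPLE = """---
on:
  pull_request:
    types: [opened]
permissions:
  contents: read
  pull-requests: write
env:
  EXAMPLE_API_TOKEN: constructed-plaintext-value
  EXAMPLE_API_KEY: ${{ secrets.EXAMPLE_API_KEY }}
safe-outputs:
  add-comment:
---
Summarize the diff in one comment.
"""

def blocks(frontmatter):
    """Group indented child lines under their top-level frontmatter key."""
    out, key = {}, None
    for line in frontmatter.splitlines():
        if line and not line[0].isspace():
            key = line.split(":", 1)[0]
            out[key] = []
        elif key and line.strip():
            out[key].append(line.strip())
    return out

def lint(text):
    """Return self-check findings for one workflow .md file (hypothetical helper)."""
    m = re.match(r"---\n(.*?)\n---\n(.*)", text, re.S)
    if not m:
        return ["no frontmatter found"]
    fm, body = blocks(m.group(1)), m.group(2)
    findings = []
    for entry in fm.get("permissions", []):
        scope, _, level = entry.partition(":")
        if level.strip() not in ("read", "none"):
            findings.append(f"permissions.{scope} is '{level.strip()}', agent job should be read-only")
    for entry in fm.get("env", []):
        name, _, value = entry.partition(":")
        # Heuristic (assumption): credential-like names must be wired from secrets.
        if re.search(r"TOKEN|KEY|SECRET|PASSWORD", name) and "${{ secrets." not in value:
            findings.append(f"env.{name} looks like a plaintext credential")
    if "safe-outputs" in fm and "noop" not in body:
        findings.append("prompt has safe-outputs but no noop guidance")
    return findings
```

An empty list from `lint` means the three checks passed; it does not validate the rest of the frontmatter against the workflow compiler.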