Imran Siddique c02894b9ad feat(ci): add contributor reputation check workflow (#1520) ...

Add automated contributor reputation screening on PR/issue open events
using AGT's pip-installable CLI tools. Detects coordinated inauthentic
contribution patterns (credential laundering, spray-and-pray).

- Installs via pip (pinned to agent-governance-toolkit==3.3.0)
- Uses jq for JSON parsing
- Fails closed: UNKNOWN risk maps to MEDIUM
- Posts risk summary comment on MEDIUM/HIGH with link to workflow run
- Adds needs-review label for maintainer attention

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-05-04 14:16:27 +10:00

5.4 KiB

Raw Blame History

View Raw