Run a multi-expert advisory review for labelled microsoft/apm pull requests.
This appears to be an open-source, prompt-only review orchestration skill with no extra secrets or custom remote endpoints, so the overall risk is low. The main caveat is that it is designed to drive the host agent to read GitHub PR content and perform write actions such as commenting and removing labels, so it should be used in a constrained review context.
The materials state that no keys or environment variables are required, and there is no request for additional user-provided tokens, API keys, or long-lived secrets. If execution relies on existing host-side GitHub authentication, that is platform authentication rather than credential collection by the skill itself, and no explicit credential abuse pattern is shown.
Although no custom remote endpoints are declared, the skill is explicitly meant to review GitHub pull requests and write back to the PR via a single comment and label removal, so review content is expected to be sent to GitHub. There is no indication of data being exfiltrated to unknown third-party endpoints.
The documentation describes spawning multiple sub-agent threads via a `task` tool and aggregating JSON outputs, with no indication of local shell execution, software installation, or high-privilege system actions. Based on the provided information, it behaves more like prompt-level orchestration than a direct local code execution component.
This skill targets labeled pull requests for multi-persona review, which implies reading PR-related content, and the orchestrator is designed to perform a single comment and remove certain labels on the PR. The access scope appears centered on repository review context, with no sign of requesting unrelated local files or broad system-level data access.
A positive factor is that it comes from the open-source microsoft/apm repository on GitHub, making the source auditable and reducing supply-chain opacity. However, the repo has 0 stars, unknown maintenance status, and no declared license, so community validation and governance signals are weak; additional manual review is advisable before production use.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "apm-review-panel" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/apm/main/packages/apm-review-panel/SKILL.md 2. Save it as ~/.claude/skills/apm-review-panel/SKILL.md 3. Reload skills and tell me it's ready
Run apm-review-panel on this labelled non-trivial PR in microsoft/apm. Focus on architectural impact, CLI logging, developer experience, supply-chain security, and release risk, then produce one synthesized recommendation comment.
A single PR recommendation comment synthesizing expert findings, prioritized follow-ups, and a ship recommendation.
Run apm-review-panel on this labelled PR that modifies src/. In addition to the standard specialists, emphasize test coverage adequacy, regression risk, and implementation quality, and output only one recommendation comment.
One synthesized comment covering test coverage, risk warnings, and improvement suggestions, without verdict labels or merge blocking.
Run apm-review-panel on this labelled PR. The change affects both user documentation and runtime performance, so include doc-writer and performance-expert perspectives, then assess release suitability and recommend prioritized follow-ups.
A CEO-style synthesized recommendation combining documentation, performance, and other expert views to support release decisions.
The panel is FAN-OUT + SYNTHESIZER. Each persona runs in its own agent
thread (via the task tool) and returns JSON matching
assets/panelist-return-schema.json. The orchestrator schema-validates
each return, hands all returns to the apm-ceo synthesizer (also a task
thread, returns JSON matching assets/ceo-return-schema.json), then
renders ONE recommendation comment from assets/recommendation-template.md.
This skill is ADVISORY by design. It does not compute a binary verdict, it does not apply verdict labels, and it does not gate merge. The panel surfaces findings; the maintainer and the PR author decide ship.
APPROVE / REJECT,
no panel-approved / panel-rejected label, no deterministic verdict
computation. The CEO returns a ship_recommendation.stance (ship_now
/ ship_with_followups / needs_discussion / needs_rework); this is
prose for the human reviewer, never auto-applied as a label or status
check. This is the architectural fix for the previous regime's
over-strictness: removing the binary gate removes the incentive for
panelists to inflate required[] defensively.severity: blocking | recommended | nit. blocking is the highest
signal a panelist can send and renders prominently in the comment; it
still does not block merge. recommended is the default for substantive
feedback. nit is one-line polish. The orchestrator never reads
severity to gate anything.add-comment and one remove-labels call. The
remove-labels call always sweeps panel-review (trigger
idempotency) AND defensively removes panel-approved /
panel-rejected if present (legacy verdict labels from the
pre-advisory regime; they have no meaning here and would mislead
readers if left on a PR after a fresh advisory pass). NO add-labels
call -- there are no verdict labels to apply. Panelist subagents and
the CEO subagent return JSON only and MUST NOT call any gh write
command, post comments, apply labels, or touch the PR state.assets/recommendation-template.md after all subagents
return.| Agent | Role | Always active? |
|---|---|---|
| Python Architect | Architectural Reviewer + supplies mermaid diagrams | Yes |
| CLI Logging Expert | Output UX Reviewer | Yes |
| DevX UX Expert | Package-Manager UX | Yes |
| Supply Chain Security Expert | Threat-Model Reviewer | Yes |
| OSS Growth Hacker | Adoption Strategist | Yes |
| Auth Expert | Auth / Token Reviewer | Conditional (see below) |
| Doc Writer | Documentation Reviewer | Conditional (see below) |
| Test Coverage Expert | Test-Presence Reviewer (paired with DevX UX) | Yes (skipped only on docs-only PRs -- see below) |
| Performance Expert | Package-Manager Performance Reviewer | Conditional (see below) |
| APM CEO | Strategic Arbiter / Synthesizer | Yes |
apm-review-panel SKILL (orchestrator thread)
|
FAN-OUT via task tool (panelists in parallel)
|
+-----+-------+-------+-----+-----+------+-----------+----------+
v v v v v v v v v (cond.)
py cli dx-ux sec grw auth doc-writer test-cov
…
Guide APM positioning, release communication, and breaking-change strategy decisions.
Audit an entire docs corpus against code and propose precise fixes.
Improve CLI output, logs, errors, and terminal diagnostic user experience.
Triages bug batches and drives related PRs to a mergeable state.
Plan doc TOC changes and outline stubs when PRs require structural updates.
Triage APM issues in batches and drive approved ones to mergeable PRs.
Triage microsoft/apm issues and produce one unified resolution comment.
Write complete, evidence-backed PR descriptions for microsoft/apm pull requests.
Review code deeply across correctness, tests, security, performance, and product quality.
Helps teams handle APM positioning, release communication, and breaking-change decisions.
Assess PR documentation impact and produce actionable update guidance every time.
Run multi-model reviews for code changes, PRs, and risky edits.