netwrix · jtviolet · Feb 12, 2026 · Feb 12, 2026
diff --git a/.github/workflows/claude-issue-labeler.yml b/.github/workflows/claude-issue-labeler.yml
@@ -22,45 +22,66 @@ jobs:
             CODE_OF_CONDUCT.md
           sparse-checkout-cone-mode: false
 
-      - name: Process issue with Claude
-        id: claude-processor
+      - name: Step 1 — Security vulnerability screening
+        id: security-screen
         uses: anthropics/claude-code-action@v1
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
           prompt: |
-            A new GitHub issue has been created and needs to be processed through the full issue intake pipeline using the github-issue-manager agent.
-
-            Here are the issue details:
-
-            REPO: ${{ github.repository }}
-            ISSUE_NUMBER: ${{ github.event.issue.number }}
-            ISSUE_TITLE: ${{ github.event.issue.title }}
-            ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
-            ISSUE_LABELS: ${{ join(github.event.issue.labels.*.name, ', ') }}
-            ISSUE_TEMPLATE_USED:
-
-            First, read the full issue body using:
+            Fetch the full issue body:
             gh issue view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json body --jq .body
 
-            Then process this issue through the github-issue-manager pipeline by calling these four skills sequentially, passing the required variables to each:
-
-            1. /identify-security-vuln-discussion — Pass: REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, ISSUE_AUTHOR
-               Screen for inadvertent security vulnerability disclosure. If found, tag @productsecurityteam and close the issue.
+            Then call /identify-security-vuln-discussion passing these variables:
+            - REPO: ${{ github.repository }}
+            - ISSUE_NUMBER: ${{ github.event.issue.number }}
+            - ISSUE_TITLE: ${{ github.event.issue.title }}
+            - ISSUE_BODY: the body you fetched above
+            - ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
+          claude_args: '--allowedTools "Bash(gh:*),Read,Grep,Glob,Skill(identify-security-vuln-discussion)"'
 
-            2. /code-of-conduct-check — Pass: REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, ISSUE_AUTHOR
-               Evaluate against the repository's code of conduct. Sanitize violations while preserving technical content.
+      - name: Check if issue is still open
+        id: check-state
+        run: |
+          STATE=$(gh issue view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json state --jq .state)
+          echo "issue_state=$STATE" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-            3. /issue-template-validation — Pass: REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, ISSUE_AUTHOR, ISSUE_TEMPLATE_USED
-               Verify correct template usage. Reformat to the appropriate template if needed.
+      - name: Step 2 — Code of conduct check
+        if: steps.check-state.outputs.issue_state == 'OPEN'
+        id: conduct-check
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          prompt: |
+            Fetch the full issue body (it may have been updated by a previous step):
+            gh issue view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json body --jq .body
 
-            4. /assign-label — Pass: REPO, ISSUE_NUMBER, ISSUE_TITLE, ISSUE_BODY, ISSUE_LABELS
-               Assign the most appropriate label(s) from the repository's available labels.
+            Then call /code-of-conduct-check passing these variables:
+            - REPO: ${{ github.repository }}
+            - ISSUE_NUMBER: ${{ github.event.issue.number }}
+            - ISSUE_TITLE: ${{ github.event.issue.title }}
+            - ISSUE_BODY: the body you fetched above
+            - ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
+          claude_args: '--allowedTools "Bash(gh:*),Read,Grep,Glob,Skill(code-of-conduct-check)"'
 
-            Important:
-            - Execute each step sequentially in the exact order above
-            - If any step modifies the issue body, use the updated body for all subsequent steps
-            - If Step 1 closes the issue due to a security vulnerability, skip all remaining steps
-            - Provide a final summary of all actions taken across all steps
+      - name: Step 3 — Assign label
+        if: steps.check-state.outputs.issue_state == 'OPEN'
+        id: assign-label
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          prompt: |
+            Fetch the full issue body (it may have been updated by a previous step):
+            gh issue view ${{ github.event.issue.number }} --repo ${{ github.repository }} --json body --jq .body
 
-          claude_args: '--allowedTools "Bash(gh:*),Read,Grep,Glob,Skill(identify-security-vuln-discussion),Skill(code-of-conduct-check),Skill(assign-label)"'
+            Then call /assign-label passing these variables:
+            - REPO: ${{ github.repository }}
+            - ISSUE_NUMBER: ${{ github.event.issue.number }}
+            - ISSUE_TITLE: ${{ github.event.issue.title }}
+            - ISSUE_BODY: the body you fetched above
+            - ISSUE_LABELS: ${{ join(github.event.issue.labels.*.name, ', ') }}
+          claude_args: '--allowedTools "Bash(gh:*),Skill(assign-label)"'