Tracked as part of #1365.

Description

The skip-bots mechanism in pr-review.lock.yml checks github.actor (the user who triggered the event) rather than github.event.pull_request.user.login (the PR author). When a maintainer triggers an event on a Dependabot PR (e.g., by merging main into the branch), the bot-skip check passes and the full PR Review runs — producing irrelevant Issue Alignment and PR Template Compliance findings against a Dependabot PR.

Example: PR #1364 → Run #24434520785, triggered by @WilliamBerryiii, resulting in an inappropriate review.

Acceptance Criteria

• pr-review.md Activation Guard includes a condition that checks the PR author (github.event.pull_request.user.login) and calls noop with message "Skipping: PR authored by bot." when the author is dependabot[bot] or github-actions[bot].
• Dependabot PRs never receive Issue Alignment or PR Template Compliance findings from the PR Review workflow, regardless of which user triggers the event.
• If check_skip_bots.cjs is the right place for this fix (upstream framework script), the issue notes that coordination with github/gh-aw-actions may be required.
  Related to fix(workflows): Agentic workflows fail when GitHub strips secrets for fork PRs and Dependabot workflow-file PRs #1365

Generated by Issue Triage for issue #1365 · ● 249.4K · ◷