feat: add uipath-automation-discovery skill

[uisherif]

Summary

New skill that discovers internal automation opportunities by investigating how employees actually work across an organization's systems of record.

• 5-phase methodology: intake → mine → analyze → reflect → report
• Multi-source mining: Slack/Teams, Gmail/Outlook, Confluence/Notion/SharePoint, Jira/Linear/ServiceNow, Salesforce/HubSpot, Workday/BambooHR, SAP/NetSuite
• 4-tier prioritized output: (1) replicate proven models, (2) behavioral automations, (3) operational gaps, (4) strategic
• Key patterns detected: single points of failure (SPOFs), replicable models, swivel-chair processes, recurring manual work

Why

Packages a proven methodology that was used to identify 31 automation opportunities at UiPath by analyzing 163K+ Slack messages, 33+ COE projects, and 15 departments. Makes this repeatable for any company.

Structure

skills/uipath-automation-discovery/
├── SKILL.md                          # Core workflow (Phases 0-4)
└── references/
    ├── mining-guides.md              # Per-source search guidance
    └── report-template.md            # Output structure & evidence standards

Checklist

• name in frontmatter matches folder name
• Description ≤ 1024 characters (875)
• Critical Rules section with numbered, actionable rules
• When to Use This Skill section
• Reference Navigation section with relative links
• Self-contained (no cross-skill dependencies)
• CODEOWNERS updated (@uisherif)
• No secrets, tokens, or personal paths

[uipreliga]

Code Review — PR #542 (uipath-automation-discovery)

Multi-reviewer review (Opus 4.6, Gemini 3 Pro, GPT-5.3 Codex). High consensus on the blocking items below.

Critical / High Issues

1. Privacy / consent guardrails missing (CRITICAL — flagged by all 3 reviewers)

SKILL.md:32-41, SKILL.md:160-167, SKILL.md:247-250

Skill instructs the agent to mine personal email, Slack DMs, HRIS/Workday, payroll, performance review data, and to name individual SPOFs in a deliverable, with no consent/authorization rule. Critical Rule 3 actively requires naming people. No GDPR Art. 88 / works-council / employee-monitoring caveat. This is real liability.

Fix: Add as the new Rule 1 (highest priority):

• Authorization first. Require explicit confirmation that the requester is authorized to analyze the selected systems and employee data for this purpose.
• Minimum necessary data. Avoid private channels/DMs and special-category HR data unless explicitly approved.
• Pseudonymize by default. Report SPOFs as role/team (Sales Ops Lead A); include person names only when explicitly authorized.
• Regional compliance check. Ask for jurisdiction constraints (GDPR/works council/internal policy); apply stricter rule when uncertain.

2. Scope fit — does this belong in the UiPath skills repo? (CRITICAL — flagged by Opus + Codex)

SKILL.md:1-16, SKILL.md:117-266

The skill never references UiPath authoring concepts, never produces a UiPath artifact, never invokes uip CLI, and never hands off to a sibling skill. It is a generic enterprise process-discovery assistant that could trigger on any "find manual work to automate" request, with no UiPath context.

Fix (recommended): Reframe as a prelude to UiPath authoring — Phase 5 must hand off to uipath-planner / uipath-rpa / uipath-maestro-flow, and the report must produce a UiPath-ready backlog with recommended next-step skill per item. Add → redirects to sibling skills in the description.

3. Hallucinated CLI tools (HIGH — flagged by all 3)

SKILL.md:82-87, report-template.md:90

slack-cli search, gws-gmail, gws-docs are not standard tools. Slack's actual first-party CLI is slack and is for app development, not message search. gws-* are not recognized Google Workspace CLIs. Agents will fail or fabricate flags. (sf data query and gh api user are real and correct.)

Fix: Replace with MCP/API-based phrasing:

- Slack: MCP slack_read_channel or workspace API
- Gmail/Outlook: approved mail MCP/API connector
- Confluence: MCP searchConfluenceUsingCql
- Jira: MCP searchJiraIssuesUsingJql
- Salesforce: sf data query
- GitHub: gh api user
- If a named CLI is unavailable, do not invent flags; ask the user which installed tool/connector to use.

4. Description does not match repo convention (HIGH — flagged by Opus + Codex)

SKILL.md:3-15

Description is paragraph prose, not brand-first, no → redirects to sibling skills (uipath-planner, uipath-rpa, uipath-maestro-flow). Sibling skills follow brand-first identity + compact → redirects (per CLAUDE.md and .claude/rules/skill-structure.md canonical convention; the linter-edited TRIGGER variant is contradicted by the rest of the repo and recently merged sibling skills).

Fix (example):

description: "UiPath automation discovery — mines Slack/email/wikis/CRM/HRIS/ERP for repetitive work, SPOFs, and replicable models; produces 4-tier prioritized opportunity report. Hand off to uipath-planner for authoring. For workflow code→uipath-rpa, Flows→uipath-maestro-flow."

5. Anti-patterns / "What NOT to Do" section missing (HIGH — flagged by Opus)

SKILL.md (overall)

.claude/rules/skill-structure.md body order calls for an Anti-patterns section; sibling skills include them.

Fix: Add ## Anti-patterns covering: don't mine before intake; don't name SPOFs without consent; don't fabricate metrics when a source is empty; don't promise ROI numbers without source citations; don't skip the replicable-model search.

6. No stop conditions / unbounded exploration (HIGH — flagged by Codex)

SKILL.md:76-80, 108-115, 128, 257-261

Phases 1-4 have no max iteration depth or abort boundary. "30+ findings" is a floor with no ceiling.

Fix: Add per-tier hard stops (Quick: 10 findings, Standard: 20-25, Deep dive: 35 or timebox), retry budget for failed sources (max 2), and "stop when no new high-confidence findings in 2 consecutive source passes."

Medium Issues

• Reference filename plural (references/mining-guides.md) — convention is <topic>-guide.md singular. Rename to mining-guide.md and update SKILL.md links at lines 130 and 265. (All 3 reviewers)
• Duplication — Tier definitions, replicable-model table, and evidence standards appear in both SKILL.md:231-253 and report-template.md:73-83. Make report-template.md canonical; SKILL.md should link, not restate. (Opus + Codex)
• Critical Rules 5-7 are stylistic, not correctness (SKILL.md:38-40) — "Share interim findings", "graceful degradation", "SPOFs urgent" don't cause incorrectness if violated. Demote to body prose or rewrite as enforceable rules. (Opus)
• Empty/sparse-dataset handling missing — when sources return little data, the workflow has no rule against speculative conclusions. Add: "below signal threshold → mark low confidence; insufficient evidence → don't promote to Tier 1-3." (Codex)

Low Issues

• Phase 0 intake (SKILL.md:42-115, 73 lines) could be extracted to references/intake-guide.md to reduce SKILL.md base load.
• CODEOWNERS:31 has a single owner (@uisherif) — sibling skills have 2+ owners. Bus factor 1. (All 3)
• SKILL.md:128, 257-261 says "use parallel agents" without a mechanism. Specify Task tool with general-purpose agents, one per source category.

Positive Observations

• Phase structure (Intake → Mine → Analyze → Reflect → Report) is logical and well-sequenced.
• Phase 0 intake is thorough — prevents the most expensive failure mode (mining without context).
• Tier system is opinionated and well-differentiated; "Replication is always Tier 1" is a strong heuristic.
• Mining guides have concrete, copy-paste search queries per platform.
• Evidence Standards in report-template.md enforce real quality (source + metric + person + impact).
• Frontmatter is valid YAML; name matches folder; internal links resolve.

Overall Assessment

Request changes. The skill is methodologically sound and well-organized, but two blocking concerns must be addressed before merge: (1) privacy guardrails for mining sensitive employee data and naming individuals, and (2) scope fit — either reframe with explicit handoff to UiPath authoring skills + → redirects, or move out of this repo. Several convention fixes (description format, missing anti-patterns, plural filename, hallucinated CLIs) are straightforward.

[uipreliga]

Great contribution, but there are some gaps - can you run your agent to fix them?