Task: Set Up Skill Review Automation for Our Open-Source Repository

We maintain a public open-source repository at ~/project on GitHub. External contributors regularly submit pull requests from forks. We need CI automation that keeps secrets safe from fork PRs while still posting review comments.

Configuration (use these values directly — do not ask configuration questions)

• CI Platform: GitHub Actions
• Architecture: Two-pipeline (public repo, external fork contributions, secrets isolation)
• Target branch: develop
• Trigger paths: **/SKILL.md, **/skills/** (defaults)
• Cache location: .github/.tessl/skill-review-cache.json (default for GitHub Actions)
• Score threshold: 70% — skills scoring below this should fail the check

What the pipeline should do

1. Main review workflow: runs on PRs, detects changed skills, runs reviews, calculates scores, saves results as artifacts (does NOT have PR write access)
2. Comment workflow: triggered by workflow_run completion of the main workflow, downloads artifacts, posts PR comment (has PR write access)
3. Score quality gate: fail if any skill scores below 70%
4. Cache commit: auto-commit cache updates on push to develop

Current repository structure

~/project/
  .git/
  skills/
    api-design/SKILL.md
    testing-patterns/SKILL.md
  src/
    index.ts
  package.json

Expected output files

1. ~/project/.github/workflows/tessl-skill-review.yml — main review workflow
2. ~/project/.github/workflows/tessl-skill-review-comment.yml — comment workflow
3. ~/project/.github/.tessl/skill-review-cache.json — initialized cache file

Write all output files to the ~/project directory. Do not run or test anything — just create the files.