diff --git a/.github/workflows/agent-shield.yml b/.github/workflows/agent-shield.yml
new file mode 100644
index 00000000..8704981d
--- /dev/null
+++ b/.github/workflows/agent-shield.yml
@@ -0,0 +1,33 @@
+# ─────────────────────────────────────────────────────────────────────────────
+# SOURCE OF TRUTH: petry-projects/.github/standards/workflows/agent-shield.yml
+# Standard: petry-projects/.github/standards/agent-standards.md
+# Reusable: petry-projects/.github/.github/workflows/agent-shield-reusable.yml
+#
+# AGENTS — READ BEFORE EDITING:
+# • This file is a THIN CALLER STUB. The AgentShield CLI scan and the
+# org-specific structural checks live in the reusable workflow above.
+# • You MAY change: the `with:` inputs (min-severity, agentshield-version,
+# required-files, org-standards-ref) — only if your repo genuinely needs
+# a different policy.
+# • You MUST NOT change: trigger events, the `uses:` line, or the job name
+# (used as a required status check).
+# • If you need different behaviour beyond the inputs, open a PR against
+# the reusable in the central repo.
+# ─────────────────────────────────────────────────────────────────────────────
+#
+# AgentShield — thin caller for the org-level reusable.
+# To adopt: copy this file to .github/workflows/agent-shield.yml in your repo.
+name: AgentShield
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+permissions:
+ contents: read
+
+jobs:
+ agent-shield:
+ uses: petry-projects/.github/.github/workflows/agent-shield-reusable.yml@v1
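Review bot: The `uses:` line at the end of the hunk pins the reusable workflow to the movable tag `@v1`, so the code behind this required status check can change without any commit in this repository. Pinning to a full commit SHA with the version as a trailing comment makes the executed revision auditable, e.g. `uses: petry-projects/.github/.github/workflows/agent-shield-reusable.yml@<full-commit-sha> # v1`, where `<full-commit-sha>` is a placeholder for the reviewed commit. Because the header forbids editing the `uses:` line locally, the pin would have to be made in the source-of-truth template. If the tag is kept, it should presumably be covered by a tag protection rule in the central repo. Separately, a called workflow cannot be granted more than the caller's `permissions:` block allows, so it is worth confirming that the reusable needs nothing beyond `contents: read` (for example to publish scan results).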