diff --git a/.github/scripts/agent-scan-label-pr.mjs b/.github/scripts/agent-scan-label-pr.mjs
new file mode 100644
index 000000000000..91b4182b36f2
--- /dev/null
+++ b/.github/scripts/agent-scan-label-pr.mjs
@@ -0,0 +1,36 @@
+import * as core from '@actions/core';
+import * as github from '@actions/github';
+
+/**
+ * agent scan classification rename
+ * - organic -> human
+ * - automated
+ * - mixed
+ */
+const CLASSIFICATION_MAP = {
+  organic: 'human',
+  automation: 'automated',
+};
+
+async function main() {
+  const classification = core.getInput('classification', { required: true });
+  const token = core.getInput('token', { required: true });
+  const isCommunityFlagged = core.getInput('community-flagged') === 'true';
+
+  const octokit = github.getOctokit(token);
+  const prNumber = github.context.payload.pull_request.number;
+
+  const labels = [`agent-scan:${CLASSIFICATION_MAP[classification] ?? classification}`];
+  if (isCommunityFlagged) {
+    labels.push('agent-scan:community-flagged');
+  }
+  await octokit.rest.issues.addLabels({
+    ...github.context.repo,
+    issue_number: prNumber,
+    labels: labels,
+  });
+}
+
+main().catch((error) => {
+  core.setFailed(error.message);
+});
diff --git a/.github/scripts/package.json b/.github/scripts/package.json
new file mode 100644
index 000000000000..66b3b0a4a950
--- /dev/null
+++ b/.github/scripts/package.json
@@ -0,0 +1,8 @@
+{
+  "private": true,
+  "type": "module",
+  "dependencies": {
+    "@actions/core": "^1.11.1",
+    "@actions/github": "^6.0.0"
+  }
+}
diff --git a/.github/workflows/agent-scan.yml b/.github/workflows/agent-scan.yml
new file mode 100644
index 000000000000..7b498c976571
--- /dev/null
+++ b/.github/workflows/agent-scan.yml
@@ -0,0 +1,44 @@
+name: agent-scan
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+    branches:
+      - next
+      - main
+
+concurrency:
+  group: agent-scan-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  agentscan:
+    if: github.repository_owner == 'storybookjs'
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      - name: Install script dependencies
+        run: npm install --prefix .github/scripts
+      - name: Cache AgentScan analysis
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7
+        with:
+          path: .agentscan-cache
+          key: agentscan-cache-${{ github.actor }}
+          restore-keys: agentscan-cache-
+      - name: AgentScan
+        id: agentscan
+        uses: MatteoGabriele/agentscan-action@a584774dd15cabe6df4c6ab45fc43514a3b56b2d
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          skip-members: "dependabot[bot],AriPerkkio,huang-julien,MichaelArestad,yannbf,vanessayuenn,jonniebigodes,Sidnioulz,kasperpeulen,valentinpalkovic,github-actions[bot],ndelangen,shilman,JReinhold,ghengeveld,storybook-bot,kylegach"
+          agent-scan-comment: false
+          cache-path: .agentscan-cache
+      - name: Label PR with classification
+        env:
+          INPUT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          INPUT_CLASSIFICATION: ${{ steps.agentscan.outputs.classification }}
+        run: node .github/scripts/agent-scan-label-pr.mjs
\ No newline at end of file