diff --git a/src/action/main.ts b/src/action/main.ts
index 58d59d7..8b3aaf5 100644
--- a/src/action/main.ts
+++ b/src/action/main.ts
@@ -23,11 +23,12 @@ import { matchTrigger, shouldFail, countFindingsAtOrAbove, countSeverity } from
 import { resolveSkillAsync } from '../skills/loader.js';
 import { filterFindingsBySeverity, SeverityThresholdSchema } from '../types/index.js';
 import {
-  fetchExistingWardenComments,
+  fetchExistingComments,
   deduplicateFindings,
   findingToExistingComment,
+  processDuplicateActions,
 } from '../output/dedup.js';
-import type { ExistingComment } from '../output/dedup.js';
+import type { ExistingComment, DeduplicateResult } from '../output/dedup.js';
 import { buildAnalyzedScope, findStaleComments, resolveStaleComments } from '../output/stale.js';
 import type { EventContext, SkillReport, SeverityThreshold, UsageStats } from '../types/index.js';
 import type { RenderResult } from '../output/types.js';
@@ -643,13 +644,13 @@ async function run(): Promise<void> {
 
   const results = await processInBatches(matchedTriggers, runSingleTrigger, concurrency);
 
-  // Fetch existing Warden comments for deduplication (only for PRs)
+  // Fetch existing comments for deduplication (only for PRs)
   // Keep original list separate for stale detection (modified list includes newly posted comments)
   let fetchedComments: ExistingComment[] = [];
   let existingComments: ExistingComment[] = [];
   if (context.pullRequest) {
     try {
-      fetchedComments = await fetchExistingWardenComments(
+      fetchedComments = await fetchExistingComments(
         octokit,
         context.repository.owner,
         context.repository.name,
@@ -657,7 +658,11 @@ async function run(): Promise<void> {
       );
       existingComments = [...fetchedComments];
       if (fetchedComments.length > 0) {
-        console.log(`Found ${fetchedComments.length} existing Warden comments for deduplication`);
+        const wardenCount = fetchedComments.filter((c) => c.isWarden).length;
+        const externalCount = fetchedComments.length - wardenCount;
+        console.log(
+          `Found ${fetchedComments.length} existing comments for deduplication (${wardenCount} Warden, ${externalCount} external)`
+        );
       }
     } catch (error) {
       console.warn(`::warning::Failed to fetch existing comments for deduplication: ${error}`);
@@ -681,13 +686,40 @@ async function run(): Promise<void> {
         try {
           // Deduplicate findings against existing comments
           let findingsToPost = filteredFindings;
+          let dedupResult: DeduplicateResult | undefined;
+
           if (existingComments.length > 0 && filteredFindings.length > 0) {
-            findingsToPost = await deduplicateFindings(filteredFindings, existingComments, {
+            dedupResult = await deduplicateFindings(filteredFindings, existingComments, {
               apiKey: inputs.anthropicApiKey,
+              currentSkill: result.report.skill,
             });
-            const dedupedCount = filteredFindings.length - findingsToPost.length;
-            if (dedupedCount > 0) {
-              console.log(`Skipping ${dedupedCount} duplicate findings for ${result.triggerName}`);
+            findingsToPost = dedupResult.newFindings;
+
+            if (dedupResult.duplicateActions.length > 0) {
+              console.log(
+                `Found ${dedupResult.duplicateActions.length} duplicate findings for ${result.triggerName}`
+              );
+            }
+          }
+
+          // Process duplicate actions (update Warden comments, add reactions)
+          if (dedupResult && dedupResult.duplicateActions.length > 0) {
+            const actionCounts = await processDuplicateActions(
+              octokit,
+              context.repository.owner,
+              context.repository.name,
+              dedupResult.duplicateActions,
+              result.report.skill
+            );
+
+            if (actionCounts.updated > 0) {
+              console.log(`Updated ${actionCounts.updated} existing Warden comments with skill attribution`);
+            }
+            if (actionCounts.reacted > 0) {
+              console.log(`Added reactions to ${actionCounts.reacted} existing external comments`);
+            }
+            if (actionCounts.failed > 0) {
+              console.warn(`::warning::Failed to process ${actionCounts.failed} duplicate actions`);
             }
           }
 
@@ -715,7 +747,7 @@ async function run(): Promise<void> {
               ? findingsToPost.slice(0, result.maxFindings)
               : findingsToPost;
             for (const finding of postedFindings) {
-              const comment = findingToExistingComment(finding);
+              const comment = findingToExistingComment(finding, result.report.skill);
               if (comment) {
                 existingComments.push(comment);
               }
@@ -748,12 +780,14 @@ async function run(): Promise<void> {
   // Resolve stale Warden comments (comments that no longer have matching findings)
   // Use fetchedComments (not existingComments) to only check comments that have threadIds
   // Only resolve if ALL triggers succeeded - otherwise findings may be missing due to failures
+  // Filter to only Warden comments - we don't resolve external comments
   const allTriggersSucceeded = triggerErrors.length === 0;
-  if (context.pullRequest && fetchedComments.length > 0 && allTriggersSucceeded) {
+  const wardenComments = fetchedComments.filter((c) => c.isWarden);
+  if (context.pullRequest && wardenComments.length > 0 && allTriggersSucceeded) {
     try {
       const allFindings = reports.flatMap((r) => r.findings);
       const scope = buildAnalyzedScope(context.pullRequest.files);
-      const staleComments = findStaleComments(fetchedComments, allFindings, scope);
+      const staleComments = findStaleComments(wardenComments, allFindings, scope);
 
       if (staleComments.length > 0) {
         const resolvedCount = await resolveStaleComments(octokit, staleComments);
@@ -764,7 +798,7 @@ async function run(): Promise<void> {
     } catch (error) {
       console.warn(`::warning::Failed to resolve stale comments: ${error}`);
     }
-  } else if (!allTriggersSucceeded && fetchedComments.length > 0) {
+  } else if (!allTriggersSucceeded && wardenComments.length > 0) {
     console.log('Skipping stale comment resolution due to trigger failures');
   }
 
diff --git a/src/output/dedup.test.ts b/src/output/dedup.test.ts
index ea4b28a..7c518a6 100644
--- a/src/output/dedup.test.ts
+++ b/src/output/dedup.test.ts
@@ -7,6 +7,8 @@ import {
   isWardenComment,
   deduplicateFindings,
   findingToExistingComment,
+  parseWardenSkills,
+  updateWardenCommentBody,
 } from './dedup.js';
 import type { Finding } from '../types/index.js';
 import type { ExistingComment } from './dedup.js';
@@ -140,8 +142,9 @@ describe('deduplicateFindings', () => {
   it('returns all findings when no existing comments', async () => {
     const findings = [baseFinding];
     const result = await deduplicateFindings(findings, [], { hashOnly: true });
-    expect(result).toHaveLength(1);
-    expect(result[0]).toBe(baseFinding);
+    expect(result.newFindings).toHaveLength(1);
+    expect(result.newFindings[0]).toBe(baseFinding);
+    expect(result.duplicateActions).toHaveLength(0);
   });
 
   it('returns all findings when findings array is empty', async () => {
@@ -157,10 +160,11 @@ describe('deduplicateFindings', () => {
     ];
 
     const result = await deduplicateFindings([], existingComments, { hashOnly: true });
-    expect(result).toHaveLength(0);
+    expect(result.newFindings).toHaveLength(0);
+    expect(result.duplicateActions).toHaveLength(0);
   });
 
-  it('filters out exact hash matches', async () => {
+  it('filters out exact hash matches and creates duplicate action', async () => {
     const existingComments: ExistingComment[] = [
       {
         id: 1,
@@ -169,11 +173,15 @@ describe('deduplicateFindings', () => {
         title: 'SQL Injection',
         description: 'User input passed to query',
         contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        isWarden: true,
       },
     ];
 
     const result = await deduplicateFindings([baseFinding], existingComments, { hashOnly: true });
-    expect(result).toHaveLength(0);
+    expect(result.newFindings).toHaveLength(0);
+    expect(result.duplicateActions).toHaveLength(1);
+    expect(result.duplicateActions[0]!.type).toBe('update_warden');
+    expect(result.duplicateActions[0]!.matchType).toBe('hash');
   });
 
   it('keeps findings with different content', async () => {
@@ -198,8 +206,9 @@ describe('deduplicateFindings', () => {
     const result = await deduplicateFindings([differentFinding], existingComments, {
       hashOnly: true,
     });
-    expect(result).toHaveLength(1);
-    expect(result[0]!.title).toBe('XSS Vulnerability');
+    expect(result.newFindings).toHaveLength(1);
+    expect(result.newFindings[0]!.title).toBe('XSS Vulnerability');
+    expect(result.duplicateActions).toHaveLength(0);
   });
 
   it('filters multiple duplicates and keeps unique findings', async () => {
@@ -235,6 +244,7 @@ describe('deduplicateFindings', () => {
         title: 'SQL Injection',
         description: 'User input passed to query',
         contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+        isWarden: true,
       },
       {
         id: 2,
@@ -243,14 +253,20 @@ describe('deduplicateFindings', () => {
         title: 'Code Style',
         description: 'Inconsistent indentation',
         contentHash: generateContentHash('Code Style', 'Inconsistent indentation'),
+        isWarden: false,
       },
     ];
 
     const result = await deduplicateFindings([finding1, finding2, finding3], existingComments, {
       hashOnly: true,
     });
-    expect(result).toHaveLength(1);
-    expect(result[0]!.id).toBe('f2');
+    expect(result.newFindings).toHaveLength(1);
+    expect(result.newFindings[0]!.id).toBe('f2');
+    expect(result.duplicateActions).toHaveLength(2);
+    // First should be update_warden (isWarden: true)
+    expect(result.duplicateActions[0]!.type).toBe('update_warden');
+    // Second should be react_external (isWarden: false)
+    expect(result.duplicateActions[1]!.type).toBe('react_external');
   });
 
   it('works without API key (hash-only mode)', async () => {
@@ -258,7 +274,52 @@ describe('deduplicateFindings', () => {
     const existingComments: ExistingComment[] = [];
 
     const result = await deduplicateFindings(findings, existingComments, {});
-    expect(result).toHaveLength(1);
+    expect(result.newFindings).toHaveLength(1);
+  });
+});
+
+describe('parseWardenSkills', () => {
+  it('parses single skill', () => {
+    const body = `**:warning: Issue**\n\nDescription\n\n---\n<sub>warden: security-review</sub>`;
+    expect(parseWardenSkills(body)).toEqual(['security-review']);
+  });
+
+  it('parses multiple skills', () => {
+    const body = `**:warning: Issue**\n\nDescription\n\n---\n<sub>warden: security-review, code-quality, performance</sub>`;
+    expect(parseWardenSkills(body)).toEqual(['security-review', 'code-quality', 'performance']);
+  });
+
+  it('handles extra whitespace', () => {
+    const body = `<sub>warden:  skill1 ,  skill2 </sub>`;
+    expect(parseWardenSkills(body)).toEqual(['skill1', 'skill2']);
+  });
+
+  it('returns empty array for non-Warden comment', () => {
+    const body = 'Regular comment without attribution';
+    expect(parseWardenSkills(body)).toEqual([]);
+  });
+});
+
+describe('updateWardenCommentBody', () => {
+  it('adds new skill to attribution', () => {
+    const body = `**:warning: Issue**\n\nDescription\n\n---\n<sub>warden: skill1</sub>`;
+    const result = updateWardenCommentBody(body, 'skill2');
+    expect(result).toContain('<sub>warden: skill1, skill2</sub>');
+  });
+
+  it('returns null if skill already listed', () => {
+    const body = `<sub>warden: skill1, skill2</sub>`;
+    const result = updateWardenCommentBody(body, 'skill1');
+    expect(result).toBeNull();
+  });
+
+  it('preserves rest of comment body', () => {
+    const body = `**:warning: SQL Injection**\n\nUser input passed to query\n\n---\n<sub>warden: security-review</sub>\n<!-- warden:v1:file.ts:10:abc123 -->`;
+    const result = updateWardenCommentBody(body, 'code-quality');
+    expect(result).toContain('**:warning: SQL Injection**');
+    expect(result).toContain('User input passed to query');
+    expect(result).toContain('<sub>warden: security-review, code-quality</sub>');
+    expect(result).toContain('<!-- warden:v1:file.ts:10:abc123 -->');
   });
 });
 
@@ -284,9 +345,29 @@ describe('findingToExistingComment', () => {
       title: 'SQL Injection',
       description: 'User input passed to query',
       contentHash: generateContentHash('SQL Injection', 'User input passed to query'),
+      isWarden: true,
+      skills: [],
     });
   });
 
+  it('includes skill when provided', () => {
+    const finding: Finding = {
+      id: 'f1',
+      severity: 'high',
+      title: 'SQL Injection',
+      description: 'User input passed to query',
+      location: {
+        path: 'src/db.ts',
+        startLine: 42,
+      },
+    };
+
+    const comment = findingToExistingComment(finding, 'security-review');
+    expect(comment).not.toBeNull();
+    expect(comment!.isWarden).toBe(true);
+    expect(comment!.skills).toEqual(['security-review']);
+  });
+
   it('uses startLine when endLine is not set', () => {
     const finding: Finding = {
       id: 'f1',
diff --git a/src/output/dedup.ts b/src/output/dedup.ts
index 8b325cd..0d2f1c7 100644
--- a/src/output/dedup.ts
+++ b/src/output/dedup.ts
@@ -4,9 +4,6 @@ import Anthropic from '@anthropic-ai/sdk';
 import { z } from 'zod';
 import type { Finding } from '../types/index.js';
 
-/** Schema for validating LLM deduplication response */
-const DuplicateIndicesSchema = z.array(z.number().int());
-
 /**
  * Parsed marker data from a Warden comment.
  */
@@ -17,7 +14,7 @@ export interface WardenMarker {
 }
 
 /**
- * Existing Warden comment from GitHub.
+ * Existing comment from GitHub (either Warden or external).
  */
 export interface ExistingComment {
   id: number;
@@ -30,6 +27,40 @@ export interface ExistingComment {
   threadId?: string;
   /** Whether the thread has been resolved (resolved comments are used for dedup but not stale detection) */
   isResolved?: boolean;
+  /** Whether this is a Warden-generated comment */
+  isWarden?: boolean;
+  /** Skills that have already detected this issue (for Warden comments) */
+  skills?: string[];
+  /** The raw comment body (needed for updating Warden comments) */
+  body?: string;
+  /** GraphQL node ID for the comment (needed for adding reactions) */
+  commentNodeId?: string;
+}
+
+/**
+ * Type of action to take for a duplicate finding.
+ */
+export type DuplicateActionType = 'update_warden' | 'react_external';
+
+/**
+ * Action to take for a duplicate finding.
+ */
+export interface DuplicateAction {
+  type: DuplicateActionType;
+  finding: Finding;
+  existingComment: ExistingComment;
+  /** Whether this was a hash match or semantic match */
+  matchType: 'hash' | 'semantic';
+}
+
+/**
+ * Result of deduplication with actions for duplicates.
+ */
+export interface DeduplicateResult {
+  /** Findings that are not duplicates - should be posted */
+  newFindings: Finding[];
+  /** Actions to take for duplicate findings */
+  duplicateActions: DuplicateAction[];
 }
 
 /**
@@ -59,10 +90,8 @@ export function parseMarker(body: string): WardenMarker | null {
     return null;
   }
 
-  const [, path, lineStr, contentHash] = match;
-  if (!path || !lineStr || !contentHash) {
-    return null;
-  }
+  // Capture groups are guaranteed to exist when the regex matches
+  const [, path, lineStr, contentHash] = match as [string, string, string, string];
 
   return {
     path,
@@ -102,12 +131,52 @@ export function isWardenComment(body: string): boolean {
   return body.includes('<sub>warden:') || body.includes('<!-- warden:v1:');
 }
 
+/**
+ * Parse skill names from a Warden comment's attribution line.
+ * Handles both single skill: "<sub>warden: skill-name</sub>"
+ * And multiple skills: "<sub>warden: skill1, skill2</sub>"
+ */
+export function parseWardenSkills(body: string): string[] {
+  const match = body.match(/<sub>warden:\s*([^<]+)<\/sub>/);
+  if (!match || !match[1]) {
+    return [];
+  }
+  return match[1]
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean);
+}
+
+/**
+ * Update a Warden comment body to add a new skill to the attribution.
+ * Changes "<sub>warden: skill1</sub>" to "<sub>warden: skill1, skill2</sub>"
+ * Returns null if skill is already listed or if no <sub>warden:...</sub> tag exists.
+ */
+export function updateWardenCommentBody(body: string, newSkill: string): string | null {
+  const existingSkills = parseWardenSkills(body);
+
+  // If no existing <sub>warden:...</sub> tag exists, we can't update it
+  if (existingSkills.length === 0) {
+    return null;
+  }
+
+  // Don't update if skill already listed
+  if (existingSkills.includes(newSkill)) {
+    return null;
+  }
+
+  const allSkills = [...existingSkills, newSkill].join(', ');
+  // Use a replacer function to avoid special $ character interpretation in skill names
+  return body.replace(/<sub>warden:\s*[^<]+<\/sub>/, () => `<sub>warden: ${allSkills}</sub>`);
+}
+
 /** GraphQL response structure for review threads */
 interface ReviewThreadNode {
   id: string;
   isResolved: boolean;
   comments: {
     nodes: {
+      id: string; // GraphQL node ID (for reactions)
       databaseId: number;
       body: string;
       path: string;
@@ -145,6 +214,7 @@ const REVIEW_THREADS_QUERY = `
             isResolved
             comments(first: 1) {
               nodes {
+                id
                 databaseId
                 body
                 path
@@ -160,10 +230,10 @@ const REVIEW_THREADS_QUERY = `
 `;
 
 /**
- * Fetch all existing Warden review comments for a PR.
- * Uses GraphQL to get thread IDs for stale comment resolution.
+ * Fetch all existing review comments for a PR (both Warden and external).
+ * Uses GraphQL to get thread IDs for stale comment resolution and node IDs for reactions.
  */
-export async function fetchExistingWardenComments(
+export async function fetchExistingComments(
   octokit: Octokit,
   owner: string,
   repo: string,
@@ -192,27 +262,35 @@ export async function fetchExistingWardenComments(
     const threads = pullRequest.reviewThreads;
 
     for (const thread of threads.nodes) {
-      // Get the first comment in the thread (the main Warden comment)
+      // Get the first comment in the thread
       const firstComment = thread.comments.nodes[0];
-      if (!firstComment || !isWardenComment(firstComment.body)) {
+      if (!firstComment) {
         continue;
       }
 
-      const marker = parseMarker(firstComment.body);
+      const isWarden = isWardenComment(firstComment.body);
+      const marker = isWarden ? parseMarker(firstComment.body) : null;
       const parsed = parseWardenComment(firstComment.body);
 
-      if (parsed) {
-        comments.push({
-          id: firstComment.databaseId,
-          path: marker?.path ?? firstComment.path,
-          line: marker?.line ?? firstComment.line ?? firstComment.originalLine ?? 0,
-          title: parsed.title,
-          description: parsed.description,
-          contentHash: marker?.contentHash ?? generateContentHash(parsed.title, parsed.description),
-          threadId: thread.id,
-          isResolved: thread.isResolved,
-        });
-      }
+      // For Warden comments, we need parsed title/description
+      // For external comments, we extract what we can or use body as description
+      const title = parsed?.title ?? '';
+      const description = parsed?.description ?? firstComment.body.slice(0, 500);
+
+      comments.push({
+        id: firstComment.databaseId,
+        path: marker?.path ?? firstComment.path,
+        line: marker?.line ?? firstComment.line ?? firstComment.originalLine ?? 0,
+        title,
+        description,
+        contentHash: marker?.contentHash ?? generateContentHash(title, description),
+        threadId: thread.id,
+        isResolved: thread.isResolved,
+        isWarden,
+        skills: isWarden ? parseWardenSkills(firstComment.body) : undefined,
+        body: firstComment.body,
+        commentNodeId: firstComment.id,
+      });
     }
 
     hasNextPage = threads.pageInfo.hasNextPage;
@@ -222,17 +300,38 @@ export async function fetchExistingWardenComments(
   return comments;
 }
 
+/**
+ * @deprecated Use fetchExistingComments instead
+ */
+export async function fetchExistingWardenComments(
+  octokit: Octokit,
+  owner: string,
+  repo: string,
+  prNumber: number
+): Promise<ExistingComment[]> {
+  const allComments = await fetchExistingComments(octokit, owner, repo, prNumber);
+  return allComments.filter((c) => c.isWarden);
+}
+
+/** Schema for validating LLM deduplication response with matched indices */
+const DuplicateMatchesSchema = z.array(
+  z.object({
+    findingIndex: z.number().int(),
+    existingIndex: z.number().int(),
+  })
+);
+
 /**
  * Use LLM to identify which findings are semantic duplicates of existing comments.
- * Returns a Set of finding IDs that should be skipped as duplicates.
+ * Returns a Map of finding ID to matched ExistingComment.
  */
 async function findSemanticDuplicates(
   findings: Finding[],
   existingComments: ExistingComment[],
   apiKey: string
-): Promise<Set<string>> {
+): Promise<Map<string, ExistingComment>> {
   if (findings.length === 0 || existingComments.length === 0) {
-    return new Set();
+    return new Map();
   }
 
   const client = new Anthropic({ apiKey });
@@ -257,16 +356,19 @@ ${existingList}
 New findings:
 ${findingsList}
 
-Return a JSON array of numbers for findings that are DUPLICATES of existing comments.
+Return a JSON array of objects identifying which findings are DUPLICATES of which existing comments.
 Only mark as duplicate if they describe the SAME issue at the SAME location (within a few lines).
 Different issues at the same location are NOT duplicates.
 
-Return ONLY the JSON array, e.g. [1, 3] or [] if none are duplicates.`;
+Return ONLY the JSON array in this format:
+[{"findingIndex": 1, "existingIndex": 2}]
+where findingIndex is the 1-based index of the new finding and existingIndex is the 1-based index of the matching existing comment.
+Return [] if none are duplicates.`;
 
   try {
     const response = await client.messages.create({
       model: 'claude-haiku-4-5',
-      max_tokens: 256,
+      max_tokens: 512,
       messages: [{ role: 'user', content: prompt }],
     });
 
@@ -275,21 +377,21 @@ Return ONLY the JSON array, e.g. [1, 3] or [] if none are duplicates.`;
       throw new Error('Unexpected response type');
     }
 
-    const duplicateIndices = DuplicateIndicesSchema.parse(JSON.parse(content.text));
-    const duplicateIds = new Set<string>();
+    const parsed = DuplicateMatchesSchema.parse(JSON.parse(content.text));
+    const matches = new Map<string, ExistingComment>();
 
-    for (const num of duplicateIndices) {
-      // Convert 1-based index to 0-based
-      const finding = findings[num - 1];
-      if (finding) {
-        duplicateIds.add(finding.id);
+    for (const match of parsed) {
+      const finding = findings[match.findingIndex - 1];
+      const existing = existingComments[match.existingIndex - 1];
+      if (finding && existing) {
+        matches.set(finding.id, existing);
       }
     }
 
-    return duplicateIds;
+    return matches;
   } catch (error) {
     console.warn(`LLM deduplication failed, falling back to hash-only: ${error}`);
-    return new Set();
+    return new Map();
   }
 }
 
@@ -301,13 +403,108 @@ export interface DeduplicateOptions {
   apiKey?: string;
   /** Skip LLM deduplication and only use exact hash matching */
   hashOnly?: boolean;
+  /** Current skill name (for updating Warden comment attribution) */
+  currentSkill?: string;
+}
+
+const ADD_REACTION_MUTATION = `
+  mutation($subjectId: ID!, $content: ReactionContent!) {
+    addReaction(input: { subjectId: $subjectId, content: $content }) {
+      reaction {
+        content
+      }
+    }
+  }
+`;
+
+/**
+ * Update an existing Warden PR review comment via REST API.
+ */
+export async function updateWardenComment(
+  octokit: Octokit,
+  owner: string,
+  repo: string,
+  commentId: number,
+  newBody: string
+): Promise<void> {
+  await octokit.pulls.updateReviewComment({
+    owner,
+    repo,
+    comment_id: commentId,
+    body: newBody,
+  });
+}
+
+/**
+ * Add a reaction to an existing PR review comment.
+ * Uses GraphQL to handle review comments.
+ */
+export async function addReactionToComment(
+  octokit: Octokit,
+  commentNodeId: string,
+  reaction: 'THUMBS_UP' | 'EYES' = 'EYES'
+): Promise<void> {
+  await octokit.graphql(ADD_REACTION_MUTATION, {
+    subjectId: commentNodeId,
+    content: reaction,
+  });
+}
+
+/**
+ * Process duplicate actions - update Warden comments and add reactions.
+ * Returns counts of actions taken for logging.
+ */
+export async function processDuplicateActions(
+  octokit: Octokit,
+  owner: string,
+  repo: string,
+  actions: DuplicateAction[],
+  currentSkill: string
+): Promise<{ updated: number; reacted: number; skipped: number; failed: number }> {
+  let updated = 0;
+  let reacted = 0;
+  let skipped = 0;
+  let failed = 0;
+
+  for (const action of actions) {
+    try {
+      if (action.type === 'update_warden') {
+        if (!action.existingComment.body) {
+          skipped++;
+          continue;
+        }
+        const newBody = updateWardenCommentBody(action.existingComment.body, currentSkill);
+        // Only update if body actually changed (skill wasn't already listed)
+        if (newBody) {
+          await updateWardenComment(octokit, owner, repo, action.existingComment.id, newBody);
+          // Update in-memory body so subsequent triggers see the updated content
+          action.existingComment.body = newBody;
+          updated++;
+        } else {
+          skipped++;
+        }
+      } else if (action.type === 'react_external') {
+        if (!action.existingComment.commentNodeId) {
+          skipped++;
+          continue;
+        }
+        await addReactionToComment(octokit, action.existingComment.commentNodeId);
+        reacted++;
+      }
+    } catch (error) {
+      console.warn(`Failed to process duplicate action for ${action.finding.title}: ${error}`);
+      failed++;
+    }
+  }
+
+  return { updated, reacted, skipped, failed };
 }
 
 /**
  * Convert a Finding to an ExistingComment for cross-trigger deduplication.
  * Returns null if the finding has no location.
  */
-export function findingToExistingComment(finding: Finding): ExistingComment | null {
+export function findingToExistingComment(finding: Finding, skill?: string): ExistingComment | null {
   if (!finding.location) {
     return null;
   }
@@ -319,35 +516,42 @@ export function findingToExistingComment(finding: Finding): ExistingComment | nu
     title: finding.title,
     description: finding.description,
     contentHash: generateContentHash(finding.title, finding.description),
+    isWarden: true,
+    skills: skill ? [skill] : [],
   };
 }
 
 /**
- * Deduplicate findings against existing Warden comments.
- * Returns only non-duplicate findings.
+ * Deduplicate findings against existing comments.
+ * Returns non-duplicate findings and actions to take for duplicates.
  *
  * Deduplication is two-pass:
- * 1. Exact content hash match - instant skip
+ * 1. Exact content hash match - instant match
  * 2. LLM semantic comparison for remaining findings (if API key provided)
+ *
+ * For duplicates:
+ * - If matching a Warden comment: action to update attribution with new skill
+ * - If matching an external comment: action to add reaction
  */
 export async function deduplicateFindings(
   findings: Finding[],
   existingComments: ExistingComment[],
   options: DeduplicateOptions = {}
-): Promise<Finding[]> {
+): Promise<DeduplicateResult> {
   if (findings.length === 0 || existingComments.length === 0) {
-    return findings;
+    return { newFindings: findings, duplicateActions: [] };
   }
 
   // Build a map of existing comments by location+hash for fast lookup
-  // Key format: "path:line:contentHash" to ensure same content at different locations is not deduped
-  const existingKeys = new Set(
-    existingComments.map((c) => `${c.path}:${c.line}:${c.contentHash}`)
-  );
+  const existingByKey = new Map<string, ExistingComment>();
+  for (const c of existingComments) {
+    const key = `${c.path}:${c.line}:${c.contentHash}`;
+    existingByKey.set(key, c);
+  }
 
-  // First pass: filter out exact matches (same content at same location)
+  // First pass: find exact matches (same content at same location)
   const hashDedupedFindings: Finding[] = [];
-  let exactMatchCount = 0;
+  const duplicateActions: DuplicateAction[] = [];
 
   for (const finding of findings) {
     const hash = generateContentHash(finding.title, finding.description);
@@ -355,28 +559,49 @@ export async function deduplicateFindings(
     const path = finding.location?.path ?? '';
     const key = `${path}:${line}:${hash}`;
 
-    if (existingKeys.has(key)) {
-      exactMatchCount++;
+    const matchingComment = existingByKey.get(key);
+    if (matchingComment) {
+      duplicateActions.push({
+        type: matchingComment.isWarden ? 'update_warden' : 'react_external',
+        finding,
+        existingComment: matchingComment,
+        matchType: 'hash',
+      });
     } else {
       hashDedupedFindings.push(finding);
     }
   }
 
-  if (exactMatchCount > 0) {
-    console.log(`Dedup: ${exactMatchCount} findings matched by content hash`);
+  if (duplicateActions.length > 0) {
+    console.log(`Dedup: ${duplicateActions.length} findings matched by content hash`);
   }
 
   // If hash-only mode, no API key, or no remaining findings, stop here
   if (options.hashOnly || !options.apiKey || hashDedupedFindings.length === 0) {
-    return hashDedupedFindings;
+    return { newFindings: hashDedupedFindings, duplicateActions };
   }
 
   // Second pass: LLM semantic comparison for remaining findings
-  const duplicateIds = await findSemanticDuplicates(hashDedupedFindings, existingComments, options.apiKey);
+  const semanticMatches = await findSemanticDuplicates(hashDedupedFindings, existingComments, options.apiKey);
+
+  if (semanticMatches.size > 0) {
+    console.log(`Dedup: ${semanticMatches.size} findings identified as semantic duplicates by LLM`);
+  }
 
-  if (duplicateIds.size > 0) {
-    console.log(`Dedup: ${duplicateIds.size} findings identified as semantic duplicates by LLM`);
+  const newFindings: Finding[] = [];
+  for (const finding of hashDedupedFindings) {
+    const matchingComment = semanticMatches.get(finding.id);
+    if (matchingComment) {
+      duplicateActions.push({
+        type: matchingComment.isWarden ? 'update_warden' : 'react_external',
+        finding,
+        existingComment: matchingComment,
+        matchType: 'semantic',
+      });
+    } else {
+      newFindings.push(finding);
+    }
   }
 
-  return hashDedupedFindings.filter((f) => !duplicateIds.has(f.id));
+  return { newFindings, duplicateActions };
 }