diff --git a/.github/workflows/close-pr.yml b/.github/workflows/close-pr.yml
deleted file mode 100644
index 85b6eb8b1dec0..0000000000000
--- a/.github/workflows/close-pr.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Close Pull Request
-on:
-  pull_request_target:
-    types: [opened, reopened]
-
-jobs:
-  close-pr:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Close PR
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_REPO: ${{ github.repository }}
-          PR: ${{ github.event.pull_request.number }}
-        run: |
-          gh pr close ${{ env.PR }} --comment "(Automated Close) Please do not file pull requests here, see https://firefox-source-docs.mozilla.org/contributing/how_to_submit_a_patch.html"
-          gh pr lock ${{ env.PR }}
diff --git a/.github/workflows/pr-handler.yml b/.github/workflows/pr-handler.yml
new file mode 100644
index 0000000000000..15e0dc9ad7ad9
--- /dev/null
+++ b/.github/workflows/pr-handler.yml
@@ -0,0 +1,95 @@
+name: Handle Pull Request
+on:
+  pull_request_target:
+    types: [opened, reopened]
+
+# permissions:
+#   issues: write
+#   pull-requests: write
+
+env:
+  ALLOWED_TEAM: lando-github-pilot
+  ALLOWED_PATHS: |
+    mobile/
+
+jobs:
+  handle-pr:
+    runs-on: ubuntu-latest
+    steps:
+
+      # Workflows don't get access to organisation metadata via the GITHUB_TOKEN.
+      # We use the Lando Web App to obtain a token with sufficient permissions.
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.LANDO_WEB_APP_ID }}
+          private-key: ${{ secrets.LANDO_WEB_APP_PRIVATE_KEY }}
+
+      - name: Check team membership
+        id: team
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+          GH_REPO: ${{ github.repository }}
+          AUTHOR: ${{ github.event.pull_request.user.login }}
+          ALLOWED_TEAM: ${{ env.ALLOWED_TEAM }}
+        run: |
+          set -x
+          ORG="${GH_REPO/\/*/}"
+          if gh api "/orgs/${ORG}/teams/${ALLOWED_TEAM}/memberships/${AUTHOR}"; then
+            echo "is_member=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_member=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check allowed paths
+        id: paths
+        if: steps.team.outputs.is_member == 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_REPO: ${{ github.repository }}
+          PR: ${{ github.event.pull_request.number }}
+          ALLOWED_PATHS: ${{ env.ALLOWED_PATHS }}
+        run: |
+          PATTERN=$(echo "${ALLOWED_PATHS}" | xargs | tr ' ' '|')
+          if gh pr view "${PR}" --json files --jq '.files[].path' | grep -vE "^(${PATTERN})"; then
+            echo "only_allowed=false" >> $GITHUB_OUTPUT
+          else
+            echo "only_allowed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Close PR
+        if: steps.team.outputs.is_member != 'true' || steps.paths.outputs.only_allowed != 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_REPO: ${{ github.repository }}
+          PR: ${{ github.event.pull_request.number }}
+        run: |
+          gh pr close "${PR}" --comment "(Automated Close) Please do not file pull requests here, see https://firefox-source-docs.mozilla.org/contributing/how_to_submit_a_patch.html"
+          gh pr lock "${PR}"
+
+      # Make this a separate job with a correct name when the PR-closer is no longer needed.
+      - name: Add Lando link
+        if: (steps.team.outputs.is_member == 'true' && steps.paths.outputs.only_allowed == 'true') && github.event.action == 'opened'
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_REPO: ${{ github.repository }}
+          PR: ${{ github.event.pull_request.number }}
+          #
+          # Set the following variables at the repository level [0].
+          # [0] https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-variables#defining-configuration-variables-for-multiple-workflows
+          #
+          LANDO_BASE_URL: ${{ vars.LANDO_BASE_URL }}
+          LANDO_REPO: ${{ vars.LANDO_REPO }}
+          #
+          # If they are empty, the following will be used to determine sane defaults.
+          #
+          DEFAULT_LANDO_BASE_URL: https://lando.moz.tools
+          GITHUB_REPO: ${{ github.repository }}
+          TARGET_BRANCH: ${{ github.base_ref}}
+        run: |
+          LANDO_BASE_URL="${LANDO_BASE_URL:-${DEFAULT_LANDO_BASE_URL}}"
+          # We extract the GitHub repo name and target branch to use as
+          # default LANDO_REPO if unspecified.
+          LANDO_REPO="${LANDO_REPO:-${GITHUB_REPO/*\//}-${TARGET_BRANCH}}"
+          gh pr comment "${PR}" --body "[View this pull request in Lando](${LANDO_BASE_URL}/pulls/${LANDO_REPO}/${PR}) to land it once approved."
diff --git a/CODEOWNERS b/CODEOWNERS
index a4b78b29d8f21..e581f2bc6bd92 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1 +1 @@
-/mobile/* @mozilla-firefox/android-reviewers
+/mobile/* @mozilla-conduit/lando-github-pilot-android-reviewers
diff --git a/mobile/a b/mobile/a
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/test b/test
new file mode 100644
index 0000000000000..0d825ef93b0d4
--- /dev/null
+++ b/test
@@ -0,0 +1 @@
+5e566bfc-3557-4973-a1e4-5c34ebb5a555