Comprehensive code review checklist covering security, performance, TypeScript standards, NextJS patterns, accessibility, error handling, and test coverage. Stack-aware — applies web, mobile, or fullstack sections as appropriate. Automatically loaded by the reviewer agent.
Installation
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Comprehensive code review checklist covering security, performance, TypeScript standards, NextJS patterns, accessibility, error handling, and test coverage. Stack-aware — applies web, mobile, or fullstack sections as appropriate. Automatically loaded by the reviewer agent.
user-invokable
false
Code Review Checklist
Apply each section systematically to every file changed in the review scope.
Use severity levels: Critical (must fix), Warning (should fix),
Suggestion (consider for improvement).
1. Security
No hardcoded secrets, API keys, or credentials in code
All user input validated server-side (Zod schemas on API routes)
SQL injection prevented (Prisma parameterized queries only, no raw SQL)
XSS prevented (no dangerouslySetInnerHTML without sanitization)
CSRF protection on all state-changing endpoints
Authentication checked on all protected API routes
Authorization verified (users can only access their own data)
Rate limiting considered for public-facing endpoints
Sensitive data not logged or exposed in error messages