review
Review current changes before committing
| name | review |
| description | Review current changes before committing |
| allowed-tools | Read, Glob, Grep, Bash(git diff*), Bash(git status*), Bash(git log*) |
Review all uncommitted changes. Do not modify source code.
Read the diff
```
git diff
git diff --cached
```
Check for issues
Read _FRAGILE.md if it exists — flag any changes touching danger zones
Report findings
```
Review: [X files changed, Y insertions, Z deletions]

Issues:
- [file:line] [severity] [description]

Suggestions:
- [Optional improvements, not blockers]

Verdict: [Ready to commit / Needs fixes]
```
If no issues found, say so briefly and confirm ready to commit.
Audit WordPress Gutenberg blocks for stored XSS vulnerabilities in render_callback functions. Traces how $attributes (user-controlled values) flow through PHP render callbacks into HTML output, flagging insufficient or incorrect escaping. Trigger phrases: "WordPress block security", "XSS in blocks", "audit render_callback", "block attribute sanitization", "Gutenberg security audit", "wp-block-security"
Comprehensive WordPress security auditor detecting XSS, SQLi, CSRF, SSRF, LFI, Object Injection, Command Injection, Auth Bypass, and more. Integrates wp-block-security for specialized Gutenberg block XSS detection. Uses parallel subagents for efficient, thorough security analysis. Trigger phrases: "WordPress security audit", "security review", "wp-security-review", "audit WordPress code", "find vulnerabilities"
Resolve review comments on GitHub PRs — fetches unresolved review threads, evaluates each suggestion against the codebase, applies valid fixes in a single commit, replies to every comment explaining what was done and why, and resolves them all. Works with any reviewer: Copilot, Dependabot, human teammates, or any other source. Use this skill whenever the user mentions PR feedback, review comments, copilot suggestions, or wants to process/address/resolve review threads. Also trigger when the user says things like "handle the review comments", "address the PR feedback", "deal with the review suggestions", "clean up the PR reviews", "review the comments on my PR", "check the PR feedback", "look at the review comments on this PR", or "resolve the review threads".
Run the full dev team — plan, implement, review, learn
Review changes and create a commit
Record a learning to the team's persistent memory