| name | agent-code-review |
| description | (Codex) Review a diff or working tree for bugs, regressions, security risks, data integrity issues, and missing tests. |
Code Review
Use this skill when the task is review-first rather than implementation-first. Focus on severity-ranked findings with concrete evidence for Orchestrator triage.
Tool Access
If you need a tool that is not available (e.g. gh CLI not installed or not authenticated), stop and tell the user what tool you need, why, and what they should do to provide access. Do not invent ad-hoc alternatives.
Constraints
- Do not modify source, tests, or config as part of the review.
- Do not write praise or style-only nits.
- Do not report speculative findings without concrete evidence.
- Do not create issues unless explicitly asked.
Review Focus
- Behavioral bugs and regressions
- Security and data integrity risks
- API or serialization mismatches
- Broken edge cases and error handling
- Missing tests for risky behavior
- UX failures in core flows
Repo-Specific Checks
Companion Skills To Load
Workflow
- Determine review scope from user request. If missing, inspect the current working tree.
- If an implementation handoff packet exists, verify it first:
- files changed and rationale
- done criteria claims
- test summary
- listed risk hotspots
- For large diffs (roughly >10 files or >500 changed lines), split inspection into independent areas and parallelize read-only exploration.
- Run repo-specific checks and applicable companion skills.
- Return findings ordered by severity in the shape below.
- If no findings exist, state that explicitly and mention residual testing gaps.
Output Shape
- Severity:
high, medium, or low
- Category:
bug, regression, security, data-integrity, tests, or ux
- Files:
path/to/file.ts:line
- Why it matters: one concise sentence
- Blast radius: where else this breaks if left unfixed (omit if self-contained)
When Recording Findings As Issues