| name | review |
| description | Security-focused code review with severity ratings. Use when reviewing code for security issues, vulnerabilities, or OWASP concerns. |
| argument-hint | ["file or directory"] |
When the user invokes /review <file, diff, or PR>:
- Read the target code or diff in full
- Analyze for:
- Security — OWASP top 10, injection, auth, data exposure
- Logic — edge cases, off-by-one, null handling, race conditions
- Performance — N+1 queries, unnecessary allocations, blocking calls
- Style — consistency with surrounding code (not your preferences)
- Output findings grouped by severity:
- CRITICAL — must fix before merge
- WARNING — should fix, creates risk
- SUGGESTION — nice to have
- Each finding includes: file:line, what's wrong, concrete fix
- End with a one-line verdict: APPROVE / REQUEST CHANGES / NEEDS DISCUSSION