원클릭으로
code-review
Pull request review checklist for the team.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Pull request review checklist for the team.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Python code style, typing, and project conventions.
Project-wide security rules for handling untrusted input, secrets, and database access.
Database safety rules for the data-access layer.
Testing conventions for the project — pytest, fixtures, integration vs unit.
| name | code-review |
| description | Pull request review checklist for the team. |
Read the diff once for shape, then again for correctness. Comment on intent, not just style.
Always use parameterized queries for every database access. Never concatenate user-provided strings into SQL statements directly. This includes dynamic WHERE clauses, ORDER BY clauses, and table names.
Validate and sanitize all user-provided data at the system boundary before it enters business logic. Reject inputs that do not match the expected shape, range, or type.
Secrets must never be committed to the repository under any circumstance. If you see one in a diff, ask the author to revoke it before merging.
Every PR must add tests for new behavior. Tests should describe the behavior, not the implementation. Prefer integration tests over mocks when the integration is cheap.
Never log secrets, personally identifiable information, or full request or response bodies. Scrub sensitive fields at the logging boundary using a structured logger.
Treat any data that crossed a network or process boundary as untrusted until proven otherwise. Apply the same scrutiny to data from other internal services as you would to data from the public internet. The threat model assumes lateral movement; act accordingly across every service-to-service hop in the system.