// Review code changes for security, performance, bugs, and quality. Reviews staged changes, unstaged changes, specific commits, or PR-ready diffs.
| name | review |
| description | Review code changes for security, performance, bugs, and quality. Reviews staged changes, unstaged changes, specific commits, or PR-ready diffs. |
The reviewer reads both the diff and the surrounding source files to understand intent and catch issues that only appear in context.
<core_principle> FIND REAL ISSUES, NOT STYLE NITS. Focus on problems that cause bugs, security vulnerabilities, performance degradation, or maintainability pain. Avoid nitpicking formatting or subjective style preferences unless they harm readability. </core_principle>
<analysis_only_rule> THIS SKILL IS READ-ONLY. DO NOT MODIFY CODE.
The purpose is to review and report findings. Making changes during review conflates the reviewer and author roles. Present findings and let the user decide what to act on. </analysis_only_rule>
<working_directory_awareness>
Before running any git command: check whether your dispatch context specifies a working directory (look for "Working directory:" in your initial prompt). If it does and pwd does not match it, prefix every git invocation with -C <that path> (e.g. git -C /path/to/worktree diff --cached). Reviewing the wrong directory's diff is a silent failure mode — the review will look correct but cover the wrong code.
</working_directory_awareness>
<quick_start>
<determine_review_scope>
Parse the user's input to determine what to review:
No arguments - Review staged changes first. If nothing is staged, review unstaged changes.
git diff --cachedgit diffgit show HEADCommit hash argument (e.g., /review abc1234) - Review that specific commit.
git show <hash>File path argument (e.g., /review src/foo.ts) - Review unstaged changes in that file.
git diff -- <path> then fall back to git diff --cached -- <path>"pr" argument (e.g., /review pr) - Review all changes since branching from main.
git diff main...HEADgit diff HEAD~1After obtaining the diff, if it is empty, inform the user that there are no changes to review and stop.
</determine_review_scope>
<gather_context>
Before analyzing the diff:
</gather_context>
<review_categories>
Analyze the changes against each category below. Only report findings that are actually present. Skip categories with no issues.
A. Security Issues (Severity: CRITICAL or HIGH)
B. Performance Concerns (Severity: HIGH or MEDIUM)
C. Bug Risks (Severity: HIGH or MEDIUM)
D. Code Quality (Severity: MEDIUM or LOW)
E. Test Coverage Gaps (Severity: MEDIUM or LOW)
</review_categories>
<format_findings>
For each finding, use this structure:
### [SEVERITY] Category: Brief Title
**File**: `path/to/file.ext` (lines X-Y)
**Issue**: Clear description of the problem.
**Why it matters**: What could go wrong if this is not addressed.
**Suggestion**: How to fix it, with a code snippet if helpful.
Severity levels:
</format_findings>
</quick_start>
<critical_rules>
</critical_rules>
<output_format>
## Code Review: [brief description of what was reviewed]
**Scope**: [staged changes | unstaged changes | commit abc1234 | PR changes from main]
**Files reviewed**: [count] files changed, [additions] additions, [deletions] deletions
---
### Findings
[Findings grouped by severity, highest first. Use the format from <format_findings>.]
---
### Summary
| Severity | Count |
|----------|-------|
| CRITICAL | X |
| HIGH | X |
| MEDIUM | X |
| LOW | X |
### Recommended Actions
1. [Most important action to take]
2. [Next most important action]
3. [...]
If no issues are found:
## Code Review: [brief description]
**Scope**: [what was reviewed]
**Files reviewed**: [count]
No significant issues found. The changes look good to merge.
</output_format>
<decision_gate>
After presenting findings, ALWAYS offer these options:
─────────────────────────────────────────
REVIEW COMPLETE
What would you like to do?
1. **Fix issues** - I'll address the findings starting with the most critical
2. **Save review** - Export findings to a markdown file
3. **Review again** - Re-review with different scope or focus
4. **Discuss a finding** - Ask questions about a specific issue
5. **Other** - Tell me what you need
─────────────────────────────────────────
Wait for user response before taking any action.
This gate is MANDATORY. Never skip it. Never auto-implement fixes.
</decision_gate>
Orchestrate GSD (Get Shit Done) projects programmatically via headless CLI. Use when an agent needs to create milestones from specs, execute software development workflows, monitor task progress, check project status, or control GSD execution (pause/stop/skip/steer). Triggers on requests to "run gsd", "create milestone", "execute project", "check gsd status", "orchestrate development", "run headless workflow", or any programmatic interaction with the GSD project management system. Essential for building orchestrators that coordinate multiple GSD workers.
Post-mortem a failed GSD auto-mode run. Traces from symptom to root cause using `.gsd/activity/*.jsonl`, `.gsd/journal/YYYY-MM-DD.jsonl`, `.gsd/metrics.json`, and `.gsd/auto.lock`. Produces a filing-ready bug report with file:line references and a concrete fix suggestion. Use when asked to "forensics", "post-mortem", "why did auto-mode fail", "trace the stuck loop", "debug the crash", after `/gsd forensics` is invoked, or when a session ended in an unexpected terminal state. Reads existing artifacts — does NOT re-run anything.
Build software products autonomously via GSD headless mode. Handles the full lifecycle: write a spec, launch a build, poll for completion, handle blockers, track costs, and verify the result. Use when asked to "build something", "create a project", "run gsd", "check build status", or any task that requires autonomous software development via subprocess.
Create, debug, and iterate on GSD extensions (TypeScript modules that add tools, commands, event hooks, custom UI, and providers to GSD). Use when asked to build an extension, add a tool the LLM can call, register a slash command, hook into GSD events, create custom TUI components, or modify GSD behavior. Triggers on "create extension", "build extension", "add a tool", "register command", "hook into gsd", "custom tool", "gsd plugin", "gsd extension".
Block completion claims until verification evidence has been produced in the current message. Use before marking a task/slice/milestone complete, before creating a commit or PR, before saying "it works" or "tests pass", and any time you are about to claim work is done. The rule is: evidence before claims, always — running the verification must happen now, not "earlier in the session". Fresh output or no claim.
Lint and format code. Auto-detects ESLint, Biome, Prettier, or language-native formatters and runs them with auto-fix. Reports remaining issues with actionable suggestions.