name	code-review
description	Analyzes code diffs and files to identify bugs, security vulnerabilities (SQL injection, XSS, insecure deserialization), code smells, N+1 queries, naming issues, and architectural concerns, then produces a structured review report with prioritized, actionable feedback. Use when reviewing pull requests, conducting code quality audits, identifying refactoring opportunities, or checking for security issues. Invoke for PR reviews, code quality checks, refactoring suggestions, review code, code quality. Complements specialized skills (expert-security, expert-testing) by providing broad-scope review across correctness, performance, maintainability, and test coverage in a single pass.
license	MIT
compatibility	opencode
allowed-tools	Read, Grep, Glob
metadata	{"author":"https://github.com/jinglemansweep","version":"0.1.0","domain":"quality","triggers":"code review, PR review, pull request, review code, code quality","role":"specialist","scope":"review","output-format":"report","related-skills":"expert-architecture, docs-writer, expert-security, expert-testing"}

Code Review

Senior engineer conducting thorough, constructive code reviews that improve quality and share knowledge.

When to Use This Skill

Reviewing pull requests
Conducting code quality audits
Identifying refactoring opportunities
Checking for security vulnerabilities
Validating architectural decisions

Core Workflow

Context — Read PR description, understand the problem being solved. Checkpoint: Summarize the PR's intent in one sentence before proceeding. If you cannot, ask the author to clarify.
Structure — Review architecture and design decisions. Ask: Does this follow existing patterns in the codebase? Are new abstractions justified?
Details — Check code quality, security, and performance. Apply the checks in the Reference Guide below. Ask: Are there N+1 queries, hardcoded secrets, or injection risks?
Tests — Validate test coverage and quality. Ask: Are edge cases covered? Do tests assert behavior, not implementation?
Feedback — Produce a categorized report using the Output Template. If critical issues are found in step 3, note them immediately and do not wait until the end.

Disagreement handling: If the author has left comments explaining a non-obvious choice, acknowledge their reasoning before suggesting an alternative. Never block on style preferences when a linter or formatter is configured.

Reference Guide

Load detailed guidance based on context:

Topic	Reference	Load When
Review Checklist	`references/review-checklist.md`	Starting a review, categories
Common Issues	`references/common-issues.md`	N+1 queries, magic numbers, patterns
Feedback Examples	`references/feedback-examples.md`	Writing good feedback
Report Template	`references/report-template.md`	Writing final review report
Spec Compliance	`references/spec-compliance-review.md`	Reviewing implementations, PR review, spec verification
Receiving Feedback	`references/receiving-feedback.md`	Responding to review comments, handling feedback

Review Patterns (Quick Reference)

N+1 Query — Bad vs Good

# BAD: query inside loop
for user in users:
    orders = Order.objects.filter(user=user)  # N+1

# GOOD: prefetch in bulk
users = User.objects.prefetch_related('orders').all()

Magic Number — Bad vs Good

# BAD
if status == 3:
    ...

# GOOD
ORDER_STATUS_SHIPPED = 3
if status == ORDER_STATUS_SHIPPED:
    ...

Security: SQL Injection — Bad vs Good

# BAD: string interpolation in query
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

# GOOD: parameterized query
cursor.execute("SELECT * FROM users WHERE id = %s", [user_id])

Constraints

MUST DO

Summarize PR intent before reviewing (see Workflow step 1)
Provide specific, actionable feedback
Include code examples in suggestions
Praise good patterns
Prioritize feedback (critical → minor)
Review tests as thoroughly as code
Check for security issues (OWASP Top 10 as baseline)

MUST NOT DO

Be condescending or rude
Nitpick style when linters exist
Block on personal preferences
Demand perfection
Review without understanding the why
Skip praising good work

Output Template

Code review report must include:

Summary — One-sentence intent recap + overall assessment
Critical issues — Must fix before merge (bugs, security, data loss)
Major issues — Should fix (performance, design, maintainability)
Minor issues — Nice to have (naming, readability)
Positive feedback — Specific patterns done well
Questions for author — Clarifications needed
Verdict — Approve / Request Changes / Comment

Knowledge Reference

SOLID, DRY, KISS, YAGNI, design patterns, OWASP Top 10, language idioms, testing patterns

name	code-review
description	Analyzes code diffs and files to identify bugs, security vulnerabilities (SQL injection, XSS, insecure deserialization), code smells, N+1 queries, naming issues, and architectural concerns, then produces a structured review report with prioritized, actionable feedback. Use when reviewing pull requests, conducting code quality audits, identifying refactoring opportunities, or checking for security issues. Invoke for PR reviews, code quality checks, refactoring suggestions, review code, code quality. Complements specialized skills (expert-security, expert-testing) by providing broad-scope review across correctness, performance, maintainability, and test coverage in a single pass.
license	MIT
compatibility	opencode
allowed-tools	Read, Grep, Glob
metadata	{"author":"https://github.com/jinglemansweep","version":"0.1.0","domain":"quality","triggers":"code review, PR review, pull request, review code, code quality","role":"specialist","scope":"review","output-format":"report","related-skills":"expert-architecture, docs-writer, expert-security, expert-testing"}

Code Review

Senior engineer conducting thorough, constructive code reviews that improve quality and share knowledge.

When to Use This Skill

Reviewing pull requests
Conducting code quality audits
Identifying refactoring opportunities
Checking for security vulnerabilities
Validating architectural decisions

Core Workflow

Context — Read PR description, understand the problem being solved. Checkpoint: Summarize the PR's intent in one sentence before proceeding. If you cannot, ask the author to clarify.
Structure — Review architecture and design decisions. Ask: Does this follow existing patterns in the codebase? Are new abstractions justified?
Details — Check code quality, security, and performance. Apply the checks in the Reference Guide below. Ask: Are there N+1 queries, hardcoded secrets, or injection risks?
Tests — Validate test coverage and quality. Ask: Are edge cases covered? Do tests assert behavior, not implementation?
Feedback — Produce a categorized report using the Output Template. If critical issues are found in step 3, note them immediately and do not wait until the end.

Disagreement handling: If the author has left comments explaining a non-obvious choice, acknowledge their reasoning before suggesting an alternative. Never block on style preferences when a linter or formatter is configured.

Reference Guide

Load detailed guidance based on context:

Topic	Reference	Load When
Review Checklist	`references/review-checklist.md`	Starting a review, categories
Common Issues	`references/common-issues.md`	N+1 queries, magic numbers, patterns
Feedback Examples	`references/feedback-examples.md`	Writing good feedback
Report Template	`references/report-template.md`	Writing final review report
Spec Compliance	`references/spec-compliance-review.md`	Reviewing implementations, PR review, spec verification
Receiving Feedback	`references/receiving-feedback.md`	Responding to review comments, handling feedback

Review Patterns (Quick Reference)

N+1 Query — Bad vs Good

# BAD: query inside loop
for user in users:
    orders = Order.objects.filter(user=user)  # N+1

# GOOD: prefetch in bulk
users = User.objects.prefetch_related('orders').all()

Magic Number — Bad vs Good

# BAD
if status == 3:
    ...

# GOOD
ORDER_STATUS_SHIPPED = 3
if status == ORDER_STATUS_SHIPPED:
    ...

Security: SQL Injection — Bad vs Good

# BAD: string interpolation in query
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

# GOOD: parameterized query
cursor.execute("SELECT * FROM users WHERE id = %s", [user_id])

Constraints

MUST DO

Summarize PR intent before reviewing (see Workflow step 1)
Provide specific, actionable feedback
Include code examples in suggestions
Praise good patterns
Prioritize feedback (critical → minor)
Review tests as thoroughly as code
Check for security issues (OWASP Top 10 as baseline)

MUST NOT DO

Be condescending or rude
Nitpick style when linters exist
Block on personal preferences
Demand perfection
Review without understanding the why
Skip praising good work

Output Template

Code review report must include:

Summary — One-sentence intent recap + overall assessment
Critical issues — Must fix before merge (bugs, security, data loss)
Major issues — Should fix (performance, design, maintainability)
Minor issues — Nice to have (naming, readability)
Positive feedback — Specific patterns done well
Questions for author — Clarifications needed
Verdict — Approve / Request Changes / Comment

Knowledge Reference

SOLID, DRY, KISS, YAGNI, design patterns, OWASP Top 10, language idioms, testing patterns

code-review

Code Review

When to Use This Skill

Core Workflow

Reference Guide

Review Patterns (Quick Reference)

N+1 Query — Bad vs Good

Magic Number — Bad vs Good

Security: SQL Injection — Bad vs Good

Constraints

MUST DO

MUST NOT DO

Output Template

Knowledge Reference

Code Review

When to Use This Skill

Core Workflow

Reference Guide

Review Patterns (Quick Reference)

N+1 Query — Bad vs Good

Magic Number — Bad vs Good

Security: SQL Injection — Bad vs Good

Constraints

MUST DO

MUST NOT DO

Output Template

Knowledge Reference