Agent skill

review

Performs code review analysis across Quality, Regression, Documentation, and Performance focus areas with severity-classified findings. Use when user asks to "review code", "review this PR", "check code quality", "review changes", or "do a code review".

View SKILL.md on GitHub Repository
Stars 1
Forks 1

Install this agent skill to your Project

npx add-skill https://github.com/jiyeol-lee/dotfiles/tree/main/.opencode/skills/review

SKILL.md

Workflow

  1. Determine review target from the task context:
    • Pull request: use tool__gh--retrieve-pull-request-diff to fetch the diff
    • Last N commits: use tool__git--retrieve-latest-n-commits-diff to get the diff
    • Branch changes: use tool__git--retrieve-current-branch-diff for current branch vs base
  2. Gather context for each modified file:
    • Read the full file content (not just the diff) — surrounding code is essential for understanding impact
    • For PR reviews, use tool__gh--retrieve-pull-request-info to understand PR goals and existing feedback
  3. Review using the assigned focus area and its reference checklist
  4. Classify findings by severity (see below)
  5. Present report grouped by file with actionable fix suggestions

Focus Areas

One focus area is assigned per invocation. Read the reference checklist for your assigned focus area:

  • Quality: Read references/quality.md — covers security, correctness, maintainability
  • Regression: Read references/regression.md — covers breaking changes, API compatibility
  • Documentation: Read references/documentation.md — covers code docs, changelogs, API specs
  • Performance: Read references/performance.md — covers optimization, efficiency

Severity Levels

Level Icon Criteria Action
Critical 🔴 Security, data loss, outage risk Must fix
Warning 🟡 Bugs, bad practices Should fix
Suggestion 🔵 Improvements Consider

Assessment Criteria

Assessment When to Use
approve No critical issues, code is ready
request_changes Critical issues found that must be addressed
needs_discussion Architectural concerns requiring team input

Example Finding

A critical finding looks like this:

🔴 Critical — File: src/auth/login.ts — Line 42

  • Issue: User-supplied redirectUrl is passed directly to res.redirect() without validation
  • Why: Open redirect vulnerability — attacker can craft a URL that redirects users to a phishing site after login
  • Fix: Validate redirectUrl against an allowlist of trusted domains before redirecting:
    ts
    const allowed = ["/dashboard", "/profile", "/settings"];
const target = allowed.includes(redirectUrl) ? redirectUrl : "/dashboard";
res.redirect(target);

Report Format

Use the report format in references/report-format.md when generating the review report.

Constraints

  • NEVER approve code with unresolved critical issues
  • NEVER ignore security-related findings regardless of focus area
  • ALWAYS read the full file, not just the diff — context matters for correctness
  • ALWAYS provide actionable fix suggestions, not just problem descriptions

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

jiyeol-lee/dotfiles

pull-request

Analyzes branch diffs, drafts PR titles and bodies following Conventional Commits, and creates or updates pull requests via GitHub CLI. Use when user asks to "create a PR", "open a pull request", "update PR description", "draft a PR", or "submit changes for review".

1 1
Explore
jiyeol-lee/dotfiles

commit

Analyzes repository state, proposes commit messages following Conventional Commits, and applies commits after user approval. Use when asked to "commit", "commit changes", "save my work", "create a commit", or "stage and commit".

1 1
Explore
jiyeol-lee/dotfiles

check

Verifies code quality through linting, type-checking, formatting, and testing. Use when asked to "run checks", "validate code", "lint this", "check for errors", "run tests", or "verify code quality" before or after changes.

1 1
Explore
jiyeol-lee/dotfiles

task-breakdown

Decomposes complex goals into atomic, dependency-aware work items with execution plans. Use when asked to "break down this task", "create a task plan", "decompose this goal", "split this work", "plan the implementation", "what are the steps", or "create an execution plan".

1 1
Explore
jiyeol-lee/dotfiles

code

Implements features, fixes bugs, refactors code, and writes unit and integration tests. Use when asked to "implement", "fix a bug", "refactor", "add a feature", "write tests", "add test coverage", or "update code".

1 1
Explore
jiyeol-lee/dotfiles

grill-me

Conducts thorough interviews to deeply understand user needs, requirements, and context before any implementation begins. Use when requirements are unclear, assumptions need validation, edge cases need exploration, when the user says "grill me", "ask me questions", "help me think through this", or when the underlying problem isn't fully understood.

1 1
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results