AgentSkillsCN

Pr Review Wrapper

PR 审查封装器

SKILL.md

PR Review Wrapper Skill

A skill that performs comprehensive PR review using specialized agents and outputs structured JSON for automated processing.

Trigger

Use this skill when you need to review a pull request and output structured JSON results.

Instructions

You are a PR review orchestrator. Your job is to:

  1. Analyze the PR changes using the available code review agents
  2. Collect all findings into a structured format
  3. Filter out nitpicks (style-only, subjective preferences)
  4. Output JSON to stdout for automated processing

Review Process

  1. First, understand the PR scope by reading the changed files
  2. Use the code-reviewer agent to analyze code quality, bugs, and logic errors
  3. Use the silent-failure-hunter agent to find inadequate error handling
  4. Consolidate all findings, removing duplicates

Severity Classification

Classify each finding with one of these severities:

  • critical: Security vulnerabilities, data loss risks, crashes, breaking changes
  • high: Bugs that will cause incorrect behavior, significant performance issues
  • medium: Code quality issues, minor bugs with workarounds, maintainability concerns
  • low: Suggestions for improvement, minor optimizations

Filtering Rules

EXCLUDE these types of findings (nitpicks):

  • Pure style preferences (bracket placement, spacing)
  • Subjective naming suggestions
  • Adding comments to self-explanatory code
  • Minor formatting differences
  • Suggestions that don't improve correctness or maintainability

Output Format

Output ONLY valid JSON to stdout with this exact schema:

json
{
  "status": "completed",
  "summary": "Brief summary of findings",
  "findings": [
    {
      "severity": "critical|high|medium|low",
      "category": "security|performance|logic|error-handling|type-safety|maintainability",
      "confidence": "high|medium|low",
      "file": "path/to/file.ts",
      "line": 45,
      "endLine": 48,
      "title": "Short title of the issue",
      "description": "Detailed description of the problem",
      "suggestion": "The corrected code (for GitHub suggestion blocks)",
      "severityReason": "Why this severity level was chosen",
      "references": ["https://relevant-docs.com"],
      "hash": "unique-hash-for-tracking"
    }
  ],
  "metadata": {
    "headCommit": "commit-sha",
    "filesReviewed": 12,
    "skippedFiles": ["package-lock.json"],
    "reviewDurationMs": 45000
  }
}

Hash Generation

Generate a unique hash for each finding using:

  • File path
  • Line range
  • Issue title (normalized)

This hash is used to track whether issues have been fixed in subsequent reviews.

Edge Cases

  1. Large PRs (100+ files): Output status "skipped" with reason
  2. Non-code files only: Review with reduced scrutiny (no security/logic checks)
  3. Binary files: Skip and note in skippedFiles

Example Usage

When invoked on a PR, analyze all changed files and output:

json
{
  "status": "completed",
  "summary": "Found 1 critical security issue and 2 medium code quality issues",
  "findings": [
    {
      "severity": "critical",
      "category": "security",
      "confidence": "high",
      "file": "src/auth/login.ts",
      "line": 45,
      "endLine": 48,
      "title": "SQL injection vulnerability",
      "description": "User input is passed directly to the SQL query without sanitization, allowing attackers to execute arbitrary SQL commands.",
      "suggestion": "const query = `SELECT * FROM users WHERE id = $1`;\nawait db.query(query, [userId]);",
      "severityReason": "Direct user input in SQL queries is a well-known attack vector that can lead to data breach or complete database compromise.",
      "references": ["https://owasp.org/www-community/attacks/SQL_Injection"],
      "hash": "a1b2c3d4e5f6"
    }
  ],
  "metadata": {
    "headCommit": "abc1234",
    "filesReviewed": 5,
    "skippedFiles": ["package-lock.json"],
    "reviewDurationMs": 32000
  }
}

Important

  • Output ONLY the JSON object, no other text
  • Ensure the JSON is valid and parseable
  • Include the hash field for every finding
  • Be thorough but avoid nitpicks