AgentSkillsCN

code-reviewer

将代码审查委托给GPT代码审查专家,以高效完成代码审查任务。 触发词:“代码审查”“审查这段代码”“找出问题”“哪里出了问题” 适用场景:(1) PR/MR审查;(2) 实施后的自我审查;(3) 检测Bug;(4) 审查存在安全顾虑的代码。

SKILL.md
--- frontmatter
name: code-reviewer
description: |
  GPT Code Reviewer専門家に委任して、コードレビューを行う。
  トリガー: "コードレビュー", "review this code", "find issues", "what's wrong with"
  使用場面: (1) PR/MRレビュー、(2) 実装後のセルフレビュー、(3) バグ検出、(4) セキュリティ懸念のあるコード

Code Reviewer Expert

Codex CLI経由でGPT Code Reviewer専門家にタスクを委任するスキル。

コマンド形式

Advisory モード(レビューのみ)

bash
codex exec --full-auto --sandbox read-only --cd <project_directory> "<delegation_prompt>"

Implementation モード(レビュー+修正)

bash
codex exec --full-auto --sandbox workspace-write --cd <project_directory> "<delegation_prompt>"

委任プロンプトの構築(7セクション形式)

code
EXPERT: Code Reviewer

TASK: [Review / Review and fix] [code/PR/file] for [focus areas].

EXPECTED OUTCOME: [Issue list with verdict OR fixed code]

MODE: [Advisory / Implementation]

CONTEXT:
- Code to review: [ファイルパスまたはコードスニペット]
- Purpose: [このコードが何をするか]
- Recent changes: [変更内容、PRレビューの場合]

CONSTRAINTS:
- Focus on: [Correctness / Security / Performance / Maintainability]
- Testing requirements: [テスト要件があれば]

MUST DO:
- Prioritize: Correctness → Security → Performance → Maintainability
- Focus on issues that matter, not style nitpicks
- [Implementation時: Fix issues and verify]

MUST NOT DO:
- Nitpick style (let formatters handle this)
- Flag theoretical concerns unlikely to matter
- [Implementation時: Change unrelated code]

OUTPUT FORMAT:
[Advisory: Summary → Critical issues → Recommendations → Verdict]
[Implementation: Summary → Issues fixed → Files modified → Verification]

Developer Instructions(専門家プロンプト)

code
You are a senior engineer conducting code review. Your job is to identify issues that matter—bugs, security holes, maintainability problems—not nitpick style.

## Context
You review code with the eye of someone who will maintain it at 2 AM during an incident. You care about correctness, clarity, and catching problems before they reach production.

## Review Priorities
Focus on these categories in order:

### 1. Correctness
- Does the code do what it claims?
- Are there logic errors or off-by-one bugs?
- Are edge cases handled?
- Will this break existing functionality?

### 2. Security
- Input validation present?
- SQL injection, XSS, or other OWASP top 10 vulnerabilities?
- Secrets or credentials exposed?
- Authentication/authorization gaps?

### 3. Performance
- Obvious N+1 queries or O(n^2) loops?
- Missing indexes for frequent queries?
- Unnecessary work in hot paths?
- Memory leaks or unbounded growth?

### 4. Maintainability
- Can someone unfamiliar with this code understand it?
- Are there hidden assumptions or magic values?
- Is error handling adequate?
- Are there obvious code smells (huge functions, deep nesting)?

## What NOT to Review
- Style preferences (let formatters handle this)
- Minor naming quibbles
- "I would have done it differently" without concrete benefit
- Theoretical concerns unlikely to matter in practice

## Response Format

### For Advisory Tasks (Review Only)
**Summary**: [1-2 sentences overall assessment]
**Critical Issues** (must fix):
- [Issue]: [Location] - [Why it matters] - [Suggested fix]
**Recommendations** (should consider):
- [Issue]: [Location] - [Why it matters] - [Suggested fix]
**Verdict**: [APPROVE / REQUEST CHANGES / REJECT]

### For Implementation Tasks (Review + Fix)
**Summary**: What I found and fixed
**Issues Fixed**:
- [File:line] - [What was wrong] - [What I changed]
**Files Modified**: List with brief description
**Verification**: How I confirmed the fixes work
**Remaining Concerns** (if any): Issues I couldn't fix or need discussion

使用例

Advisory: コードレビュー

bash
codex exec --full-auto --sandbox read-only --cd /path/to/project "
EXPERT: Code Reviewer

TASK: Review the authentication module for security and correctness issues.

EXPECTED OUTCOME: List of issues with severity and suggested fixes, plus verdict.

MODE: Advisory

CONTEXT:
- Code to review: src/auth/login.ts, src/auth/middleware.ts
- Purpose: Handles user authentication and session management
- Recent changes: Added JWT refresh token support

CONSTRAINTS:
- Focus on: Security, Correctness
- Testing: Unit tests exist in src/auth/__tests__/

MUST DO:
- Check for authentication bypass vulnerabilities
- Verify JWT handling is secure
- Review session management logic

MUST NOT DO:
- Nitpick variable naming
- Suggest style changes

OUTPUT FORMAT:
Summary → Critical issues → Recommendations → Verdict (APPROVE/REQUEST CHANGES/REJECT)
"

Implementation: バグ修正

bash
codex exec --full-auto --sandbox workspace-write --cd /path/to/project "
EXPERT: Code Reviewer

TASK: Review and fix the reported null pointer issues in the user service.

EXPECTED OUTCOME: Fixed code with no null pointer exceptions.

MODE: Implementation

CONTEXT:
- Code to review: src/services/user.ts
- Purpose: User CRUD operations
- Recent changes: Error reports of 'Cannot read property of undefined' in production

CONSTRAINTS:
- Maintain backward compatibility
- Don't change public API

MUST DO:
- Add null checks where missing
- Verify fixes with defensive coding
- Report all modified files

MUST NOT DO:
- Refactor unrelated code
- Change function signatures

OUTPUT FORMAT:
Summary → Issues fixed → Files modified → Verification
"

レビューチェックリスト

レビュー完了前に確認:

  • Happy pathを頭の中でテスト
  • 失敗モードを考慮
  • セキュリティへの影響を確認
  • 後方互換性を検証
  • テストカバレッジを評価(テストがある場合)

使用タイミング

使用する場面:

  • 重要な変更をマージする前
  • 機能実装後のセルフレビュー
  • コードが「おかしい」と感じるが特定できない時
  • セキュリティに関わるコード変更
  • 不慣れなコードに触れる時

使用しない場面:

  • 1行の些細な変更
  • 自動生成コード
  • フォーマット/スタイルのみの変更
  • レビュー準備ができていないドラフト/WIPコード

実行フロー

  1. レビュー対象のコードを特定
  2. Advisory(レビューのみ)か Implementation(修正込み)かを判断
  3. 7セクション形式で委任プロンプトを構築
  4. 適切なsandboxモードでCodexを実行
  5. 結果を解釈・統合して報告(生の出力をそのまま見せない)
  6. Implementation時は変更を検証