Multi-Perspective PR Review
This skill provides comprehensive pull request review from three specialized perspectives:
- •Security Reviewer - Authentication, secrets, XSS, CSRF, input validation, SQL injection
- •Product Manager - Business value, market and customer fit, user experience, features, edge cases, requirements alignment
- •Senior Architect - Design patterns, scalability, maintainability, tech debt, suitability for autonomous LLM agents, 100% code coverage
How This Works
Three independent reviews are conducted sequentially:
- •Each reviewer analyzes the PR from their unique perspective
- •Reviews are independent (no bias from seeing others' feedback)
- •All findings are synthesized and posted to the PR
- •Conflicts or overlaps between reviews are highlighted
Instructions for Claude
When this skill is invoked with a PR number (e.g., /review-pr-team 1):
Step 1: Fetch PR Context
Use GitHub CLI to gather PR information:
gh pr view $ARGUMENTS gh pr diff $ARGUMENTS gh pr view $ARGUMENTS --comments
Review the files changed, commit messages, and any existing comments.
Step 2: Gather Project and Specification Context
Before reviewing, gather context about the project and any related specifications:
- •Read project documentation - Read
CLAUDE.mdin the repository root to understand:
- •Project architecture and structure
- •Development workflow and commands
- •Key conventions and patterns
- •Technology stack and dependencies
- •
Check PR description and commits for references to specification files
- •
Look in SPECIFICATIONS/ directory for relevant docs
- •
Read specification files to understand:
- •Feature requirements and goals
- •Security requirements (if security spec exists)
- •Implementation approach (if implementation plan exists)
- •Success criteria
Common specification patterns:
- •Main spec:
SPECIFICATIONS/*-plan.mdorSPECIFICATIONS/*-mvp.mdorSPECIFICATIONS/requirements.md - •Security:
SPECIFICATIONS/*-security.md - •Implementation:
SPECIFICATIONS/*-implementation.md
Create a context summary including:
- •Project architecture (from CLAUDE.md)
- •What is this PR supposed to achieve?
- •What are the key requirements?
- •What security measures were specified?
- •What architectural decisions were made?
This context will be provided to each reviewer so they can evaluate whether the PR matches the project architecture and intended design.
If no specifications found: Note this and reviewers will evaluate based on project architecture (from CLAUDE.md) and best practices.
Step 3: Security Review (Subagent 1)
Spawn a general-purpose subagent with this task:
Task: "Act as a security specialist reviewing PR #$ARGUMENTS for security issues.
Project Context: [Paste the context summary from Step 2, including project architecture from CLAUDE.md and security requirements if specified]
Focus on:
Authentication & Authorization:
- •Are credentials/secrets properly protected?
- •Are authentication flows secure?
- •Is authorization checked on all protected endpoints?
Input Validation:
- •Is user input validated and sanitized?
- •Are there SQL injection, XSS, or command injection risks?
- •Are file uploads validated (type, size)?
Data Protection:
- •Are secrets stored securely (not in code)?
- •Is sensitive data encrypted/hashed appropriately?
- •Are API keys and tokens handled correctly?
CSRF & Session Management:
- •Is CSRF protection implemented?
- •Are cookies configured securely (HttpOnly, Secure, SameSite)?
- •Is session management robust?
Dependencies:
- •Are new dependencies from trusted sources?
- •Any known vulnerabilities in added packages?
Output Format:
- •✅ Secure Practices: What's done well
- •🔴 Critical Issues: Must fix before merge
- •⚠️ Warnings: Should fix, not blocking
- •💡 Suggestions: Nice-to-haves
Be specific with file:line references."
Wait for the security review to complete.
Step 4: Product Manager Review (Subagent 2)
Spawn a general-purpose subagent with this task:
Task: "Act as a product manager reviewing PR #$ARGUMENTS for product quality and user experience.
Project Context: [Paste the context summary from Step 2, including project architecture from CLAUDE.md, feature requirements, and success criteria]
Focus on:
Requirements Alignment:
- •Does this PR match the stated goals/requirements?
- •Are all acceptance criteria met?
- •Is anything out of scope or missing?
User Experience:
- •Is the feature intuitive and user-friendly?
- •Are error messages clear and helpful?
- •Is the UI/UX consistent with existing patterns?
Edge Cases:
- •Are edge cases handled (empty states, errors, etc.)?
- •What happens when things go wrong?
- •Are loading states and feedback clear?
Completeness:
- •Is the feature fully functional?
- •Are there half-finished parts?
- •Is documentation updated (if needed)?
Future Impact:
- •Does this create technical debt?
- •Will this be easy to extend later?
- •Any backward compatibility issues?
Output Format:
- •✅ Well Done: What meets/exceeds expectations
- •🔴 Blocking Issues: Must address before ship
- •⚠️ Concerns: Should address, worth discussing
- •💡 Enhancements: Ideas for improvement
Be specific with examples and file references."
Wait for the product review to complete.
Step 5: Senior Architect Review (Subagent 3)
Spawn a general-purpose subagent with this task:
Task: "Act as a senior software architect reviewing PR #$ARGUMENTS for design quality and long-term maintainability.
Project Context: [Paste the context summary from Step 2, including project architecture from CLAUDE.md, architectural decisions, and implementation approach]
Focus on:
Architecture & Design:
- •Does this fit well with existing architecture?
- •Are design patterns used appropriately?
- •Is the code organization logical?
Code Quality:
- •Is the code readable and well-structured?
- •Are functions/components properly sized?
- •Are naming conventions clear and consistent?
Scalability & Performance:
- •Will this perform well under load?
- •Are there potential bottlenecks?
- •Is caching/optimization appropriate?
Maintainability:
- •Is the code easy to understand and modify?
- •Are abstractions appropriate (not over/under-engineered)?
- •Are there code smells or anti-patterns?
Testing:
- •Is test coverage adequate?
- •Are the right things being tested?
- •Are tests maintainable?
Technical Debt:
- •Does this introduce debt?
- •Does it pay down existing debt?
- •Are shortcuts documented and justified?
Output Format:
- •✅ Architectural Strengths: Good design decisions
- •🔴 Critical Issues: Fundamental problems to fix
- •⚠️ Design Concerns: Worth reconsidering
- •💡 Suggestions: Ways to improve design
Be specific with code examples and file:line references."
Wait for the architecture review to complete.
Step 6: Synthesize and Post Results
After all three reviews are complete:
- •Analyze findings across all reviews:
- •Identify overlapping concerns (mentioned by multiple reviewers)
- •Flag conflicts (if reviewers disagree)
- •Highlight critical issues that appear in multiple perspectives
- •Create unified summary:
## Comprehensive PR Review - Multiple Perspectives ### 🔴 Critical Issues (Must Fix Before Merge) [List all critical issues from all reviewers, grouped by theme] [Mark with [Security], [Product], or [Architecture] badges] [Note if multiple reviewers flagged the same issue] ### ⚠️ Warnings & Concerns (Should Address) [List warnings from all reviewers, grouped by theme] ### ✅ Strengths & Good Practices [Highlight what all reviewers praised] ### 💡 Suggestions for Improvement [Compile suggestions, note if multiple reviewers suggested similar improvements] ### 📊 Review Summary - **Security Review**: [X critical, Y warnings, Z suggestions] - **Product Review**: [X critical, Y warnings, Z suggestions] - **Architecture Review**: [X critical, Y warnings, Z suggestions] --- **Recommendation:** [Clear merge/don't merge recommendation based on critical issues] --- *Reviews conducted by specialized subagents: Security Specialist, Product Manager, Senior Architect*
- •Post the synthesized review as a comment on the PR using:
gh pr comment $ARGUMENTS --body "[markdown content from above]"
- •Provide user summary:
- •Total critical issues found
- •Key themes across reviews
- •Clear next steps
- •Link to PR comment
Example Usage
/review-pr-team 1
This will:
- •Fetch PR #1 details
- •Run security review (sequential)
- •Run product review (sequential)
- •Run architecture review (sequential)
- •Synthesize all findings
- •Post comprehensive review to PR #1
Tips for Best Results
- •Use on non-trivial PRs - Overkill for typo fixes
- •Run before final approval - Catch issues early
- •Read individual reviews - Each perspective provides unique value
- •Address critical issues first - Don't merge with red flags
<!-- NOTE: This is NOT part of the skill instructions -->
Future Enhancement: Parallel Execution (Option A)
Current implementation: Reviews run sequentially (one after another)
- •Security → Product → Architecture
- •Total time: ~3-5 minutes depending on PR size
Future upgrade: Agent Teams for parallel execution
- •All three reviewers analyze simultaneously
- •Total time: ~1-2 minutes (faster)
- •Requires:
CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1in settings
When agent teams feature is stable, this skill can be upgraded to spawn parallel reviewers instead of sequential ones. The skill structure and review criteria would remain the same—only the execution model changes.
To upgrade later:
- •Enable experimental flag in
.claude/settings.json - •Modify Step 2-4 to spawn teammates instead of sequential subagents
- •Teammates review in parallel
- •Main agent still synthesizes results
The sequential approach works perfectly fine for now and proves the concept.