# Skill: Code Review

## Description

Reviews code for quality, security, performance, and convention compliance.

## When to Use

- After implementing a feature (self-review)
- When the user triggers the /review workflow
- Before merging any PR

## Instructions

### Review Checklist
#### Correctness

- Does the code do what it claims?
- Are edge cases handled?
- Are error states handled gracefully (no silent failures, no leaked stack traces)?
#### Security

- No secrets or credentials in code (API keys, tokens, passwords, private keys belong in the environment or a secrets manager)
- Input validation on all untrusted input (request body, query string, headers, cookies, file uploads)
- SQL injection prevention: parameterized queries, never string-built SQL
- XSS prevention: output encoding for the context the value lands in (HTML body, attribute, URL)
- Auth checks on protected routes (both authentication and per-object authorization)
- Rate limiting on public endpoints
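The two injection items above are the ones reviewers most often have to demonstrate rather than just assert. The following is an added example, not part of the original skill file: it shows the string-built query and the raw HTML interpolation a reviewer should flag, each beside its hardened form. The `{ text, values }` query shape mimics what node-postgres accepts, but no database or framework is involved; the payload strings are constructed for illustration.

```typescript
// Added example (not from the skill file): vulnerable vs. hardened forms of
// the SQL injection and XSS items on the Security checklist.

// --- SQL injection: string concatenation vs. parameterized query ---

// Vulnerable: user input is spliced into the SQL text, so a quote in the
// input changes the query's structure.
function findUserUnsafe(username: string): string {
  return `SELECT id, email FROM users WHERE username = '${username}'`;
}

// Hardened: the SQL text is fixed and the value travels separately as a
// parameter. Shape assumed to match node-postgres' query config object.
interface ParamQuery {
  text: string;
  values: unknown[];
}

function findUserSafe(username: string): ParamQuery {
  return {
    text: "SELECT id, email FROM users WHERE username = $1",
    values: [username],
  };
}

// --- XSS: output encoding before interpolating into HTML ---

const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can break out of an HTML text node or a
// quoted attribute value. (URL and JavaScript contexts need different encoders.)
function escapeHtml(input: string): string {
  return input.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: raw interpolation of user data into markup.
function greetingUnsafe(name: string): string {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: encode at the point of output, in the context being written to.
function greetingSafe(name: string): string {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Constructed hostile inputs a reviewer might use to confirm the finding.
const SQLI_PAYLOAD = "' OR '1'='1";
const XSS_PAYLOAD = '<img src=x onerror="alert(1)">';

// Stand-alone demonstration: the unsafe query's WHERE clause now matches every
// row, and the unsafe greeting ships a live onerror handler.
console.log(findUserUnsafe(SQLI_PAYLOAD));
console.log(findUserSafe(SQLI_PAYLOAD));
console.log(greetingUnsafe(XSS_PAYLOAD));
console.log(greetingSafe(XSS_PAYLOAD));
```

When reviewing, look for the template literal or `+` concatenation feeding a query or a `dangerouslySetInnerHTML`/`innerHTML` sink; the hardened form keeps the query text constant and encodes on output rather than trying to strip "bad" characters on input.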
#### Performance

- No N+1 queries (no per-item database or API call inside a loop; batch or join instead)
- Appropriate use of caching
- No unnecessary re-renders (React)
- Bundle size impact acceptable
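The N+1 item is easiest to explain with a count of round trips. The following is an added example, not part of the original skill file: an in-memory repository that counts every query it would issue, so the per-item lookup and the batched lookup can be compared on the same data. The tables, repository methods, and sample rows are all constructed for illustration.

```typescript
// Added example (not from the skill file): the N+1 query pattern from the
// Performance checklist beside its batched replacement, with a query counter.

interface Post { id: number; authorId: number; title: string }
interface Author { id: number; name: string }

// Constructed sample rows standing in for two database tables.
const AUTHORS: Author[] = [
  { id: 1, name: "ada" },
  { id: 2, name: "grace" },
];
const POSTS: Post[] = [
  { id: 10, authorId: 1, title: "first" },
  { id: 11, authorId: 2, title: "second" },
  { id: 12, authorId: 1, title: "third" },
];

// A fake repository (assumed API) that counts every round trip it would make.
class Repo {
  queries = 0;

  listPosts(): Post[] {
    this.queries++;
    return POSTS.slice();
  }

  getAuthor(id: number): Author | undefined {
    this.queries++;
    return AUTHORS.find((a) => a.id === id);
  }

  getAuthorsByIds(ids: number[]): Author[] {
    this.queries++;
    const wanted = new Set(ids);
    return AUTHORS.filter((a) => wanted.has(a.id));
  }
}

interface PostView { title: string; author: string }

// N+1: one query for the posts, then one more query per post for its author.
function renderPostsNPlusOne(repo: Repo): PostView[] {
  return repo.listPosts().map((p) => ({
    title: p.title,
    author: repo.getAuthor(p.authorId)?.name ?? "unknown",
  }));
}

// Batched: one query for the posts, one for all distinct authors, joined in memory.
function renderPostsBatched(repo: Repo): PostView[] {
  const posts = repo.listPosts();
  const ids = Array.from(new Set(posts.map((p) => p.authorId)));
  const byId = new Map<number, Author>(
    repo.getAuthorsByIds(ids).map((a): [number, Author] => [a.id, a]),
  );
  return posts.map((p) => ({
    title: p.title,
    author: byId.get(p.authorId)?.name ?? "unknown",
  }));
}

// Number of round trips a rendering strategy incurs on the sample data.
function queryCount(render: (repo: Repo) => PostView[]): number {
  const repo = new Repo();
  render(repo);
  return repo.queries;
}

// Stand-alone demonstration: 1 + N versus a constant 2.
console.log("N+1 round trips:", queryCount(renderPostsNPlusOne));
console.log("batched round trips:", queryCount(renderPostsBatched));
```

The tell in review is a `find`/`get`/`fetch` call whose argument comes from the loop variable; the fix is to collect the keys first and issue one `IN (...)` query, join, or DataLoader-style batch, which keeps the round-trip count flat as the list grows.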
#### Conventions

- Follows .ai/conventions.md
- Consistent naming
- Proper TypeScript types (no `any`)
- Comments explain WHY, not WHAT
#### Testing

- New code has tests
- Tests are meaningful (they assert behaviour, not just raise coverage)
- Edge cases tested
### Output Format

```markdown
## Code Review: [file/feature]

### ✅ Looks Good
- [list positives]

### ⚠️ Suggestions
- [list improvements]

### ❌ Must Fix
- [list blockers]

### Overall: APPROVE | REQUEST_CHANGES | COMMENT
```