
Codex Review
Run structured, multi-pass AI code reviews on branch diffs before merge using copy-paste prompts for Codex, Claude, or any reviewer CLI.
Overview
Codex Review Prompt Templates is an agent skill most often used in Ship (also Build, Operate) that supplies model-agnostic diff-review prompts for Codex, Claude, and other reviewer CLIs.
Install
npx skills add https://github.com/hyperb1iss/hyperskills --skill codex-review
What is this skill?
- Model-agnostic prompt pack: General Review plus Security Deep-Dive and other focused passes
- General pass prioritizes correctness, security (OWASP Top 10:2025), performance, and maintainability, with an explicit skip list (formatting, naming style, minor documentation gaps)
- Each finding requires file/line citation, concrete risk, specific fix, and 0.0–1.0 confidence
- Works via `codex exec`, `claude -p`, or piping `git diff main...HEAD` into either reviewer
- Documents when native `codex review` structured mode makes custom prompts unnecessary
- 4 review dimensions in General Review (correctness, security, performance, maintainability)
- Confidence rated 0.0–1.0 per finding
Adoption & trust: 563 installs on skills.sh; 13 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to merge a branch but your agent reviews are vague, skip security, or argue about style instead of real regressions.
Who is it for?
Solo builders shipping from feature branches who want stacked general + security review passes without custom prompt engineering each time.
Skip if: Teams that only need `codex review`’s built-in structured output and never customize reviewer instructions.
When should I use this skill?
You need thorough branch diff reviews via Codex, Claude `-p`, or piped `git diff` and want dedicated General or Security Deep-Dive prompt text.
What do I get? / Deliverables
You run repeatable diff reviews with cited findings, confidence scores, and a clear correct/incorrect verdict before merge or hotfix deploy.
- Executed review with cited findings and confidence scores
- Overall patch correct or incorrect verdict
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Ship/review is the canonical shelf because the skill is prompt templates for reviewing diffs between main and HEAD before release. Review subphase matches diff-based correctness, security, performance, and maintainability passes—not one-off lint fixes.
Where it fits
Pipe `git diff main...HEAD` into `codex exec` with the General Review template before merging a payments refactor.
Run the Security Deep-Dive prompt after the general pass when the diff touches auth or user input.
Review a third-party webhook handler PR with maintainability and race-condition checks called out in the template.
Validate a production hotfix branch with the verdict-style general prompt before emergency release.
How it compares
Use instead of ad-hoc “review my PR” chat prompts that lack severity dimensions and verdict structure.
Common Questions / FAQ
Who is codex-review for?
Indie and solo developers using Claude Code, Codex, or Cursor who review git diffs via CLI and want consistent, thorough prompts across agents.
When should I use codex-review?
In Ship/review before merge; during Build when validating a large integration PR; in Operate when reviewing hotfix diffs—especially as a first General pass then a Security Deep-Dive.
Is codex-review safe to install?
It is prompt text only—no network or shell by itself—but piping diffs may expose code to your reviewer provider; review the Security Audits panel on this page before trusting the package.
SKILL.md - Codex Review
# Codex Review Prompt Templates

Ready-to-use prompts for each review pass. These are model-agnostic — they work with any reviewer CLI.

## Usage

Pass prompts as the final argument to the reviewer CLI:

```bash
# From Claude (Codex reviews)
codex exec "PROMPT_TEXT_HERE"

# From Codex (Claude reviews)
claude -p "PROMPT_TEXT_HERE"

# Or pipe a diff into either
git diff main...HEAD | codex exec "PROMPT_TEXT_HERE"
git diff main...HEAD | claude -p "PROMPT_TEXT_HERE"
```

For Codex's structured `codex review` command, prompts aren't needed — it has its own review format.

## General Review

Best as the first pass. Broad coverage across all dimensions.

```
Review the changes between main and HEAD with extreme thoroughness.

Prioritize:
1. Correctness — logic errors, edge cases, null handling, race conditions
2. Security — injection, auth gaps, secrets exposure, OWASP Top 10:2025
3. Performance — algorithmic complexity, N+1 queries, memory leaks
4. Maintainability — coupling, abstraction leaks, API consistency

For each finding:
- Cite exact file and line range
- Explain the bug/risk concretely (not "this could be improved")
- Suggest a specific fix
- Rate confidence 0.0-1.0

Skip: formatting, naming style, minor documentation gaps.

Overall verdict: "patch is correct" or "patch is incorrect" with justification.
```

## Security Deep-Dive

```
You are a senior application security engineer reviewing a code change.

Analyze the diff between the current branch and main for:
1. Injection vulnerabilities (SQL, XSS, command, LDAP, template)
2. Authentication & authorization flaws
3. Secrets / credential exposure (hardcoded keys, tokens in logs)
4. Insecure deserialization or data handling
5. SSRF, path traversal, open redirects
6. Cryptographic misuse (weak algorithms, improper randomness)
7. Dependency risks (known CVEs, typosquatting)
8. Error handling that leaks internal state

For each finding, provide:
- Severity: critical / high / medium / low
- Attack vector description
- Affected file and line range
- Concrete remediation with code example
- Confidence: 0.0-1.0

If no security issues found, state that explicitly with your confidence level.
Do NOT flag style or non-security concerns.
```

## Architecture Review

```
You are a principal software architect reviewing a code change for design quality.

Evaluate the diff between current branch and main:
1. Does this change respect existing architectural boundaries?
2. Are abstractions at the right level — not too leaky, not over-engineered?
3. Does coupling increase or decrease? Quantify if possible.
4. Is the API surface consistent with existing patterns in the codebase?
5. Does this change make the system harder to test, extend, or maintain?
6. Are there backwards compatibility concerns?
7. Would a different design achieve the same goal more cleanly?

For each concern:
- Reference specific files and patterns
- Explain the architectural principle being violated
- Suggest a concrete alternative approach
- Rate impact: blocks-merge / should-fix / nice-to-have
- Confidence: 0.0-1.0

Skip: implementation details, performance micro-optimizations, style.
```

## Performance Review

```
You are a performance engineer reviewing a code change for efficiency.

Analyze the diff between current branch and main:
1. Algorithmic complexity — is there O(n^2) where O(n) or O(n log n) suffices?
2. Database queries — N+1 patterns, missing indexes, unnecessary JOINs
3. Memory — leaks, unnecessary copies, unbounded growth
4. I/O — blocking calls on hot paths, missing async/streaming
5. Caching — missed opportunities, cache invalidation bugs
6. Bundle/binary size — unnecessary dependencies, tree-shaking failures
7. Concurrency — lock contention, thread-safety, deadlock potential

For each finding:
- Estimated impact magnitude (minor / moderate / severe)
- Affected hot path or user-facing scenario
- Concrete optimization with before/after code
- Whether a benchmark is warranted
- Confidence: 0.0-1.0

Skip: pr
```
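A merge gate built on the usage above, added here as an example (not code from the hyperskills repo): it pipes the branch diff into the selected reviewer with the General Review prompt, turns the verdict line into a CI exit code, and only then runs the Security Deep-Dive prompt. The prompt file paths, the `REVIEWER` variable and the `RUN_REVIEW_GATE` switch are assumptions.

```shell
#!/bin/sh
# Added example, not part of the hyperskills skill. Requires git and the
# codex or claude CLI on PATH; prompt text is read from the files below
# (hypothetical paths, set via environment variables).
set -eu

GENERAL_PROMPT_FILE="${GENERAL_PROMPT_FILE:-prompts/general-review.txt}"
SECURITY_PROMPT_FILE="${SECURITY_PROMPT_FILE:-prompts/security-deep-dive.txt}"
BASE="${BASE:-main}"

# Print the reviewer command for the CLI selected by $REVIEWER (codex|claude).
reviewer_cmd() {
  case "${REVIEWER:-codex}" in
    codex)  printf 'codex exec' ;;
    claude) printf 'claude -p' ;;
    *) echo "unknown reviewer: ${REVIEWER}" >&2; return 2 ;;
  esac
}

# Read review output on stdin; print correct, incorrect or unknown.
# "incorrect" is tested first, so a verdict of "patch is incorrect" can
# never be mistaken for "patch is correct".
extract_verdict() {
  text=$(cat)
  if printf '%s' "$text" | grep -qi 'patch is incorrect'; then
    echo incorrect
  elif printf '%s' "$text" | grep -qi 'patch is correct'; then
    echo correct
  else
    echo unknown
  fi
}

# Run one pass: pipe the diff against $BASE into the reviewer with the prompt.
run_pass() {
  prompt_file=$1
  git diff "${BASE}...HEAD" | $(reviewer_cmd) "$(cat "$prompt_file")"
}

main() {
  general=$(run_pass "$GENERAL_PROMPT_FILE")
  printf '%s\n' "$general"
  case "$(printf '%s' "$general" | extract_verdict)" in
    incorrect) echo "General pass rejected the patch" >&2; exit 1 ;;
    unknown)   echo "No verdict line found; failing closed" >&2; exit 1 ;;
  esac
  # General pass accepted the patch: run the narrower security pass.
  run_pass "$SECURITY_PROMPT_FILE"
}

# Only run when invoked as a gate, so the functions can also be sourced.
[ "${RUN_REVIEW_GATE:-0}" = 1 ] && main
```

Invoke it from a feature branch as `RUN_REVIEW_GATE=1 REVIEWER=codex sh review-gate.sh`; a missing verdict line fails closed on purpose.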