Code Review
Run profile-based review checks on config changes and structured data handling before you merge or ship.
Overview
code-review is an agent skill most often used in Ship (also Build) that applies numbered configuration and data-format review profiles with CRITICAL–MEDIUM severities.
Install
npx skills add https://github.com/paulrberg/agent-skills --skill code-reviewWhat is this skill?
- Configuration profile with six CFG checks from HIGH to MEDIUM severity
- Data formats profile with six DF checks including CRITICAL unsafe YAML handling
- Evidence expectations: compare against baselines and name concrete failure modes under load
- Load profiles contextually (config vs structured data) instead of one generic lint pass
- Severity buckets: CRITICAL, HIGH, and MEDIUM on cited rule IDs
- Configuration profile lists 6 CFG checks (CFG-001 through CFG-006)
- Data formats profile lists 6 DF checks (DF-001 through DF-006) including CRITICAL unsafe YAML handling
Adoption & trust: 1.8k installs on skills.sh; 62 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are merging config or parser changes without a consistent checklist for rollout safety and structured-data exploits.
Who is it for?
Indie builders shipping backend services, data exports, or YAML/JSON-heavy configs who want agent-driven review against explicit HIGH and CRITICAL rules.
Skip if: Pure UI-only PRs with no config or serialization changes, or teams that already enforce the same rules exclusively in CI with blocking policies.
When should I use this skill?
User requests code review on configuration, infra limits, rollout controls, or structured data parsing/serialization changes.
What do I get? / Deliverables
You get findings tied to CFG and DF rule IDs with severity and evidence expectations so you can fix or gate the change before production.
- Findings mapped to CFG/DF rule IDs with CRITICAL, HIGH, or MEDIUM severity
- Evidence notes comparing baselines and describing load or abuse failure modes
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Formal review with severity-tagged findings belongs on the ship/review shelf even when the same checks catch build-time mistakes. Targets pre-merge quality gates—config rollout safety and parser/schema risk—not greenfield feature coding.
Where it fits
Scan a PR that raises connection pool limits and verify timeout/retry ordering and rollback paths.
Review a new YAML import path for unsafe loaders before the feature branch merges.
Flag CSV export cells that could trigger formula injection when opened in spreadsheets.
How it compares
Profile-based checker with rule IDs and severities—not a one-shot “LGTM” chat review or a generic linter wrapper.
Common Questions / FAQ
Who is code-review for?
Solo and small-team builders who want structured agent review on configuration rollouts and structured data parsing before merge.
When should I use code-review?
In Ship before merge on infra/config diffs; in Build when adding parsers or exporters—especially YAML loaders, CSV downloads, and pool or timeout tuning.
Is code-review safe to install?
Use the Security Audits panel on this Prism page; the skill reads your repo for review and does not replace human judgment on production cutovers.
SKILL.md
READMESKILL.md - Code Review
# Configuration Profile Load for config, infra limits, or rollout controls. ## Checks - `CFG-001` High-magnitude change (`HIGH`): significant value shift without baseline or justification. - `CFG-002` Timeout/retry inversion (`HIGH`): upstream/downstream timeout or retry hierarchy causes cascading failures. - `CFG-003` Pool/limit mismatch (`HIGH`): connection/thread/concurrency limits can starve or overload dependencies. - `CFG-004` Env drift (`MEDIUM`): prod values copied blindly from dev/staging without proportional scaling. - `CFG-005` Rollback gap (`MEDIUM`): risky change lacks feature flag, canary path, or reversible plan. - `CFG-006` Observability gap (`MEDIUM`): no metric/alert to validate the change safely. ## Evidence Expectations - Compare new values against previous values. - Call out concrete failure mode under load. # Data Formats Profile Load when code parses or emits structured data. ## Checks - `DF-001` CSV formula injection (`HIGH`): cells starting with formula tokens exported unsanitized. - `DF-002` Unsafe YAML handling (`CRITICAL`): unsafe loader on untrusted YAML. - `DF-003` Schema-free parsing (`HIGH`): JSON/YAML accepted without structural validation. - `DF-004` Numeric precision loss (`HIGH`): large identifiers/amounts coerced into unsafe number types. - `DF-005` Binary parser trust (`HIGH`): no length/magic-byte/offset validation. - `DF-006` Encoding ambiguity (`MEDIUM`): implicit charset assumptions can corrupt data or bypass checks. ## Evidence Expectations - Show malformed payload and resulting failure or exploit condition. # Naming Profile Use after correctness/security findings are handled. ## Checks - `NM-001` Generic function names (`MEDIUM`): names like `process`/`handle` hide intent. - `NM-002` Misleading identifiers (`MEDIUM`): name contradicts actual data shape or behavior. - `NM-003` Boolean ambiguity (`LOW`): booleans not expressed as `is/has/can/should` style predicates. - `NM-004` File/export mismatch (`LOW`): filename and exported symbol diverge from project conventions. - `NM-005` Constant intent loss (`LOW`): magic values or value-based constant names. - `NM-006` Misleading filename (`LOW`): file's actual responsibility diverges from what its name implies (e.g., `utils.ts` that only formats dates → `date-format.ts`). Suggest a rename with rationale; flag as `MEDIUM` when the mismatch is likely to cause incorrect usage or placement of new code. ## Guardrail Only raise naming findings when they materially reduce maintainability in the touched code. # Python Profile Load for `*.py` and Python service code. ## Checks - `PY-001` Mutable defaults (`HIGH`): shared state across calls from mutable default args. - `PY-002` Async blocking (`HIGH`): blocking I/O in coroutine paths. - `PY-003` Dangerous execution (`CRITICAL`): `eval`/`exec`/unsafe deserialization on untrusted input. - `PY-004` Injection surfaces (`CRITICAL`): SQL string interpolation, `subprocess(..., shell=True)` with user input. - `PY-005` Iterator/lifecycle bugs (`MEDIUM`): exhausted iterators reused or context cleanup omitted. - `PY-006` Type-blind boundaries (`MEDIUM`): weakly validated external payloads. ## Evidence Expectations - Show exact call path where untrusted input crosses into dangerous API. - Include deterministic repro condition when possible. # Security Profile Load when code touches trust boundaries. ## Checks - `SEC-001` Injection sink (`CRITICAL`): SQL/shell/template/path input reaches execution without safe binding. - `SEC-002` Broken auth/authz (`CRITICAL`): missing ownership checks, privilege escalation paths, or trust on client-only checks. - `SEC-003` Secret exposure (`HIGH`): credentials in source, logs, artifacts, or client bundles. - `SEC-004` Unsafe execution/parsing (`CRITICAL`): `eval`/unsafe deserialization/untrusted code execution. - `SEC-005` Session/token weakness (`HIGH`): missing validation/rotation/expiry constraints. - `SEC-006` Traversal or SSRF (`HIGH`): user-