cnoe-io/review-specific-pr
charts/ai-platform-engineering/data/skills/review-specific-pr/SKILL.md
Perform a comprehensive code review of a specific GitHub Pull Request. Analyzes code changes, checks for bugs, security issues, test coverage, and coding standards compliance. Use when a user provides a PR URL or asks to review a specific pull request.
$ install --global
skillsauthnpx skillsauth add cnoe-io/ai-platform-engineering review-specific-prInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 4:51 PM4.0s2 files scanned
SKILL.md
- name:
- review-specific-pr
- description:
- Perform a comprehensive code review of a specific GitHub Pull Request. Analyzes code changes, checks for bugs, security issues, test coverage, and coding standards compliance. Use when a user provides a PR URL or asks to review a specific pull request.
Review a Specific PR
Given a GitHub PR URL or identifier, perform a thorough code review covering correctness, security, performance, testing, and style.
Input
Requires a PR URL in the format `https://github.com/{owner}/{repo}/pull/{number}` or `{owner}/{repo}#{number}`.
Instructions
Phase 1: Context Gathering
- Fetch PR metadata - title, description, author, branch, labels, linked issues
- Fetch the diff - all changed files with additions and deletions
- Fetch CI/CD status - check suite results, individual check runs
- Fetch existing reviews and comments - prior feedback from other reviewers
- Fetch linked issues - understand the intent behind the changes
Phase 2: Code Analysis
Analyze each changed file for:
-
Correctness & Logic
- Off-by-one errors, null/undefined handling, race conditions
- Proper error handling and edge cases
- Correct use of async/await patterns
- State management issues
-
Security
- Hardcoded credentials, API keys, tokens (NEVER allowed per project rules)
- SQL injection, XSS, CSRF vulnerabilities
- Insecure cryptographic algorithms (no MD5, SHA-1, DES, RC4)
- Proper input validation and sanitization
- Certificate handling (check expiration, key strength, signature algorithms)
-
Performance
- Unnecessary re-renders (React), N+1 queries, unbounded loops
- Memory leaks (event listeners, subscriptions not cleaned up)
- Missing pagination for large datasets (OOM protection)
- Expensive operations in hot paths
-
Testing
- Are new code paths covered by tests?
- Are edge cases tested?
- Do existing tests still pass?
- Integration test coverage for agent interactions
-
Style & Standards
- Conventional commit format in PR title
- DCO sign-off present in commits
- Python: Black formatting, Ruff compliance, type hints, Google-style docstrings
- TypeScript/React: Proper typing, component patterns
- Import organization (stdlib, third-party, local-package, local-relative)
-
Architecture
- Does the change follow existing patterns in the codebase?
- Are new dependencies justified?
- Is the change scope appropriate (not too large)?
- Breaking changes properly documented?
Phase 3: Review Output
Categorize findings by severity:
- Critical - Must fix before merge (bugs, security, data loss)
- Major - Should fix before merge (significant quality issues)
- Minor - Nice to have improvements (style, readability)
- Praise - Well-done patterns worth calling out
Output Format
```markdown
PR Review: #{number} - {title}
Author: @{author} | Branch: {head} -> {base} Changed Files: {count} | Additions: +{added} | Deletions: -{removed} CI Status: Passing/Failing | Reviews: {status}
Summary
[1-2 paragraph overview of what this PR does and overall assessment]
Verdict: Approve / Request Changes / Comment
Critical Issues (must fix)
1. [File: path/to/file.py, Line 42]
Issue: Missing null check before accessing `response.data` Impact: Will throw TypeError in production when API returns empty response Suggestion: \`\`\`python if response and response.data: process(response.data) \`\`\`
Major Issues (should fix)
...
Minor Suggestions
...
What Looks Good
- Clean separation of concerns in the new agent module
- Good test coverage for the happy path
Checklist
- [ ] Conventional commit title
- [ ] DCO sign-off on all commits
- [ ] Tests added/updated
- [ ] No hardcoded credentials
- [ ] Type hints present
- [ ] Docstrings for public APIs ```
Examples
- "Review the PR at https://github.com/cnoe-io/ai-platform-engineering/pull/42"
- "Can you do a code review of cnoe-io/ai-platform-engineering#123"
- "Review PR #567 in the ai-platform-engineering repo"
Guidelines
- Always read the full diff, not just file names
- Check if the PR description adequately explains the "why" not just the "what"
- Verify that the PR size is reasonable (flag PRs with >500 lines changed as potentially too large)
- When finding security issues, reference the specific codeguard rule (e.g., no hardcoded credentials, no banned crypto algorithms)
- If tests are missing, suggest specific test cases rather than just saying "add tests"
- Be constructive - balance criticism with praise for good patterns
- Check for breaking changes that may need an ADR in `docs/docs/changes/`
Related Skills
cnoe-io/streaming-testing
testing
VerifiedTrustedCommunity
Compare A2A streaming behaviour across supervisor versions. Captures SSE events, analyzes metadata flags (is_narration, is_final_answer), and produces side-by-side comparison reports.
345SKILL.mdUpdated Apr 15, 2026
cnoe-io/sprint-progress-report
testing
VerifiedTrustedCommunity
Generate a comprehensive sprint progress report from Jira with velocity metrics, burndown analysis, blocker identification, and team workload distribution. Use when preparing sprint reviews, standups, or tracking sprint health mid-cycle.
345SKILL.mdUpdated Apr 4, 2026
cnoe-io/security-vulnerability-report
development
VerifiedTrustedCommunity
Scan GitHub repositories for security vulnerabilities including Dependabot alerts, code scanning results, and secret scanning findings. Use when auditing repository security, preparing compliance reports, or triaging vulnerability alerts.
345SKILL.mdUpdated Apr 4, 2026
cnoe-io/review-open-pull-requests
testing
VerifiedTrustedCommunity
List and analyze all open pull requests across GitHub repositories. Shows review status, CI/CD check results, age, and reviewers. Use when triaging PRs, checking team velocity, or identifying stale reviews that need attention.
345SKILL.mdUpdated Apr 4, 2026