jnuyens/gsd:code-review
skills/code-review/SKILL.md
Review source files changed during a phase for bugs, security issues, and code quality problems
$ install --global
skillsauthnpx skillsauth add jnuyens/gsd-plugin gsd:code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 4:19 PM17.2s1 file scanned
SKILL.md
- name:
- gsd:code-review
- description:
- Review source files changed during a phase for bugs, security issues, and code quality problems
- argument-hint:
- <phase-number> [--depth=quick|standard|deep] [--files file1,file2,...]
<objective>
Review source files changed during a phase for bugs, security vulnerabilities, and code quality problems.
Spawns the gsd-code-reviewer agent to analyze code at the specified depth level. Produces REVIEW.md artifact in the phase directory with severity-classified findings.
Arguments:
- Phase number (required) — which phase's changes to review (e.g., "2" or "02")
--depth=quick|standard|deep(optional) — review depth level, overrides workflow.code_review_depth config- quick: Pattern-matching only (~2 min)
- standard: Per-file analysis with language-specific checks (~5-15 min, default)
- deep: Cross-file analysis including import graphs and call chains (~15-30 min)
--files file1,file2,...(optional) — explicit comma-separated file list, skips SUMMARY/git scoping (highest precedence for scoping)
Output: {padded_phase}-REVIEW.md in phase directory + inline summary of findings </objective>
<execution_context> @${CLAUDE_PLUGIN_ROOT}/workflows/code-review.md </execution_context>
<context> Phase: $ARGUMENTS (first positional argument is phase number)Optional flags parsed from $ARGUMENTS:
--depth=VALUE— Depth override (quick|standard|deep). If provided, overrides workflow.code_review_depth config.--files=file1,file2,...— Explicit file list override. Has highest precedence for file scoping per D-08. When provided, workflow skips SUMMARY.md extraction and git diff fallback entirely.
Context files (CLAUDE.md, SUMMARY.md, phase state) are resolved inside the workflow via gsd-sdk query init.phase-op and delegated to agent via <files_to_read> blocks.
</context>
Execute the code-review workflow from @${CLAUDE_PLUGIN_ROOT}/workflows/code-review.md end-to-end.
The workflow (not this command) enforces these gates:
- Phase validation (before config gate)
- Config gate check (workflow.code_review)
- File scoping (--files override > SUMMARY.md > git diff fallback)
- Empty scope check (skip if no files)
- Agent spawning (gsd-code-reviewer)
- Result presentation (inline summary + next steps) </process>
Related Skills
jnuyens/gsd:remember-access
testing
VerifiedTrustedCommunity
Capture or review how this project connects to external systems (GitHub, AWS, npm, SSH, etc.) so future sessions know the auth recipe. Auto-detection hook logs candidate captures to an inbox; this skill promotes them to permanent recipes in `.planning/AUTH-RECIPES.md` and optionally to user-global memory at `~/.claude/auth-recipes/`.
43SKILL.mdUpdated May 26, 2026
jnuyens/gsd:new-ddd
tools
VerifiedTrustedCommunity
Initialize a new project using Documentation-Driven Development. Research, then write user-facing docs (SPEC.md) as the spec, then user validates docs, then phases derive from doc sections. Best for CLIs, libraries, SDKs, APIs, plugin systems, anything with a well-defined user-facing surface.
38SKILL.mdUpdated May 25, 2026
jnuyens/gsd:mvp-phase
tools
VerifiedTrustedCommunity
Plan an MVP-mode phase — captures an "As a / I want to / So that" user story, runs SPIDR splitting, then delegates to plan-phase
21SKILL.mdUpdated May 8, 2026
jnuyens/gsd:extract-learnings
testing
VerifiedTrustedCommunity
Extract decisions, lessons, patterns, and surprises from completed phase artifacts
21SKILL.mdUpdated Apr 25, 2026