tobihagemann/polish-code
skills/polish-code/SKILL.md
Stage, format, lint, test, review, smoke test, and re-run itself until stable. Use when the user asks to "polish code", "refine code", "iterate on code quality", "review loop", "clean up, test, and review loop", or "run the polish loop".
$ install --global
skillsauthnpx skillsauth add tobihagemann/turbo polish-codeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 4:24 AM14.2s1 file scanned
SKILL.md
- name:
- polish-code
- description:
- Stage, format, lint, test, review, smoke test, and re-run itself until stable. Use when the user asks to \"polish code\", \"refine code\", \"iterate on code quality\", \"review loop\", \"clean up, test, and review loop\", or \"run the polish loop\".
Polish Code
Task Tracking
At the start of every invocation (including re-runs from Step 7), use TaskCreate to create a task for each step:
- Run
/stageskill - Deterministic cleanup
- Run
/review-codeskill - Run
/evaluate-findingsskill - Run
/apply-findingsskill - Run
/smoke-testskill - Re-run
/polish-codeskill if changed
Step 1: Run /stage Skill
Run the /stage skill.
Step 2: Deterministic Cleanup
Run the project's formatter first, then the linter. Fix any lint errors or warnings that the formatter did not resolve. If the project has a combined format+lint script, use that.
Run the project's test suite to confirm nothing is broken. If tests fail, run the /investigate skill to diagnose the root cause, apply the suggested fix, and re-run tests. If investigation cannot identify a root cause, stop and report with investigation findings.
Stage all changes made in this step before continuing.
Step 3: Run /review-code Skill
Run the /review-code skill on the staged changes. The diff command is git diff --cached.
Step 4: Run /evaluate-findings Skill
Run the /evaluate-findings skill on the results from Step 3.
Step 5: Run /apply-findings Skill
Run the /apply-findings skill on the evaluated results.
Stage all changes made in this step before continuing.
Step 6: Run /smoke-test Skill
Run the /smoke-test skill to produce the smoke test plan. Delegate test execution to a subagent using the Agent tool (model: "opus", do not set run_in_background). Pass the plan and the diff command (git diff --cached) to the subagent.
If any test fails, fix the issues and stage the fixes.
Step 7: Re-run /polish-code Skill if Changed
Check whether any file was edited during Steps 5-6. Any edit counts.
The iteration number below refers to the /polish-code run currently executing Step 7. It is not the iteration number of a prospective re-run. Iteration 1 is the initial run; iteration 2 is the first auto-re-run; iteration 3 is the second auto-re-run; iteration 4 and beyond exist only when the user opts in at the hard-cap ask. Iterations 1 and 2 always follow the classification gate (they never trigger the hard cap at their own Step 7, even when the auto-re-run they spawn would be iteration 3). The hard cap fires at the end of iteration 3 and every iteration thereafter.
Iterations 1 and 2, if changes were made, classify what Steps 5-6 edited:
- Structural edits (fixed bugs, new or removed functions, changed function signatures, moved code between files, changed control flow, added or removed dependencies, corrected a stale or wrong comment that was itself a documentation bug) — run
/polish-codeagain using the Skill tool. Scope the diff command to only the files modified in Steps 5-6: usegit diff --cached -- <file1> <file2> ...as the diff command for/review-code. Smoke test scope remains unchanged (full feature scope, not file-narrowed). If the round contains both structural and in-place edits, treat it as structural and re-run automatically. - In-place edits only (renamed local variables without changing behavior, reformatted, adjusted whitespace, edited neutral comments) — output a summary of what changed, then use
AskUserQuestionto ask whether to run one more round or stop here. Do not silently continue or silently stop.
Iterations 1 and 2, if changes were made but you believe re-running is unnecessary, use AskUserQuestion to ask for skip permission. Do not skip silently.
Iteration 3 or later, if Steps 5-6 of this run made changes, the hard cap is reached. This replaces the classification gate above for iteration 3 and every iteration after it. Output a summary of what is still changing and whether it is structural or in-place. Then use AskUserQuestion to offer three options: continue for another iteration, stop here and accept the current state, or escalate to /consult-oracle for a different perspective on the remaining issues.
The re-invocation is a full, fresh run of this skill. Every step (1-7) executes with its own task tracking and skill invocations. "Scoped to modified files" only affects the diff command passed to /review-code. It does not affect which steps run or whether skills are invoked.
Then use the TaskList tool and proceed to any remaining task.
Rules
- Every step must run in every iteration.
/review-codecovers correctness, security, consistency, API usage, coverage, and simplicity across parallel internal reviewers plus peer review./evaluate-findingsis a judgment gate that must run before/apply-findings. - Each step must invoke its designated skill via the Skill tool, not be replaced by inline reasoning or agent calls.
- Re-invocations from Step 7 are full runs with fresh task tracking and complete skill invocations.
Related Skills
tobihagemann/understand-change
tools
VerifiedTrustedCommunity
Teach the user to deeply understand a change through interactive tutoring: restating understanding, drilling into why/what/how, and quizzing until mastery. The active counterpart to a one-shot explanation. Use when the user asks to "understand this change", "teach me this change", "help me understand what changed", "walk me through this change", "make sure I understand this", "quiz me on this", or "teach me what we did".
319SKILL.mdUpdated Jun 4, 2026
tobihagemann/understand-change
tools
VerifiedTrustedCommunity
Teach the user to deeply understand a change through interactive tutoring: restating understanding, drilling into why/what/how, and quizzing until mastery. The active counterpart to a one-shot explanation. Use when the user asks to "understand this change", "teach me this change", "help me understand what changed", "walk me through this change", "make sure I understand this", "quiz me on this", or "teach me what we did".
319SKILL.mdUpdated Jun 4, 2026
tobihagemann/update-pr
tools
VerifiedTrustedCommunity
Update an existing GitHub pull request's title and description to reflect the current state of the branch. Use when the user asks to "update the PR", "update PR description", "update PR title", "refresh PR description", or "sync PR with changes".
319SKILL.mdUpdated May 9, 2026
tobihagemann/split-and-ship
tools
VerifiedTrustedCommunity
Execute an approved split plan by creating separate branches, commits, and PRs for each change group. Use when the user asks to "split and ship", "ship the split plan", "create separate PRs", or "split changes into branches".
319SKILL.mdUpdated May 9, 2026