Review
Pre-merge PR analysis checking SQL safety, LLM trust boundaries, and conditional side effects
What Is This?
Overview
The Review skill provides automated pre-landing pull request analysis designed to catch structural and safety issues before code reaches your main branch. It analyzes the diff between your working branch and the base branch, examining changes for SQL safety violations, LLM trust boundary problems, conditional side effects, and other patterns that commonly cause production incidents. This analysis runs before you merge, giving you a final checkpoint that complements human code review.
Unlike general-purpose linters or static analysis tools, Review focuses on the categories of issues that are most likely to cause silent failures or security vulnerabilities in modern application stacks. It combines diff-aware context with pattern recognition to surface problems that line-by-line review often misses, particularly in complex multi-file changes where the interaction between components matters as much as any individual change.
The skill integrates naturally into development workflows by responding to common review-related prompts. When you ask to "review this PR," "run a code review," or "check my diff," the skill activates automatically. It also proactively suggests running when it detects you are preparing to merge or land changes, acting as a safety net at the most critical point in the development cycle.
Who Should Use This
- Backend engineers working with SQL databases who need to verify migration safety and query correctness before merging schema or data changes
- Full-stack developers building applications that integrate large language models and need to enforce trust boundaries between user input and system prompts
- Team leads and senior engineers conducting pre-merge reviews who want automated assistance identifying structural issues across large diffs
- DevOps and platform engineers responsible for maintaining deployment pipelines who need to catch conditional side effects in infrastructure-as-code changes
- Solo developers without dedicated code reviewers who need a structured second pass before landing changes to production systems
- Security-focused engineers who want consistent enforcement of safety patterns across every pull request regardless of reviewer availability
Why Use It?
Problems It Solves
- SQL injection and unsafe migration patterns often survive human review because reviewers focus on logic rather than query construction details, especially in ORMs where raw queries are mixed with abstracted calls
- LLM trust boundary violations, such as user-controlled content reaching system prompt positions, are difficult to spot in diff view because the vulnerability spans multiple files and function call chains
- Conditional side effects in configuration and infrastructure code can introduce environment-specific behavior that only manifests in production, making them nearly impossible to catch through local testing
- Large pull requests overwhelm reviewers, causing important structural issues to be missed in the volume of changes, and automated pre-landing analysis provides consistent coverage regardless of diff size
- Last-minute merges under deadline pressure skip thorough review, and a proactive suggestion to run analysis at merge time creates a low-friction checkpoint that catches issues without requiring a full review cycle
Core Highlights
- Analyzes diffs against the base branch rather than the full codebase, keeping analysis focused and fast
- Detects SQL safety issues including unsafe parameterization, destructive migrations without guards, and transaction boundary problems
- Identifies LLM trust boundary violations where user input can influence system-level prompt construction
- Flags conditional side effects that behave differently across environments or execution contexts
- Proactively suggests running when merge or land operations are detected in the workflow
- Responds to natural language prompts including "review this PR" and "check my diff"
- Supports multi-file analysis through coordinated tool use across Bash, Read, Grep, and Glob
How to Use It?
Basic Usage
Trigger the skill by asking for a code review in natural language. The skill will run the diff and begin analysis automatically.
"Review this PR before I merge"
"Run a pre-landing review on my changes"
"Check my diff against main"
To get the diff manually for inspection:
git diff main...HEAD
git diff --stat main...HEAD
Specific Scenarios
SQL Migration Review: When you have added a new migration file, the skill checks for missing rollback paths, column drops without deprecation periods, and raw string interpolation in queries.
LLM Integration Review: For changes touching prompt construction code, the skill traces data flow from request parameters to prompt assembly, flagging locations where user-controlled values reach privileged prompt positions.
Real-World Examples
A developer adds a new search endpoint that constructs a SQL query using f-string formatting. Review flags the parameterization issue before it reaches production.
A team merges a feature that passes a user-supplied system_role parameter into the LLM client constructor. Review identifies the trust boundary violation in the diff.
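As an added illustration of the two scenarios above (constructed example, not the Review skill's own code), here is a toy scanner over `git diff main...HEAD` output: it flags f-string, .format() or % SQL on added lines, and tracks names assigned from request data within a file so that a user-supplied value reaching a system_role argument is reported even when the read and the use are on different lines. The rule names, regexes, request-source heuristics and the sample diff are all assumptions made for the example.

```python
import re

SQL_VERB = r"\b(SELECT|INSERT|UPDATE|DELETE|DROP|ALTER)\b"
# f"SELECT ... {x}"  |  "SELECT ...".format(x)  |  "SELECT ..." % x
INTERPOLATED_SQL = re.compile(
    rf'(\bf["\'].*{SQL_VERB})|(["\'][^"\']*{SQL_VERB}[^"\']*["\']\s*(\.format\(|%))', re.I)
USER_SOURCE = re.compile(r"\b(request\.\w+|params\[|body\[|payload\[)", re.I)  # request-derived data
SYSTEM_POSITION = re.compile(
    r'system_role|role\s*=\s*["\']system["\']|["\']role["\']\s*:\s*["\']system["\']|system_prompt', re.I)
ASSIGN = re.compile(r"^\s*(\w+)\s*=(?!=)\s*(.+)$")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")

def _mentions(names, code):
    return any(re.search(rf"\b{re.escape(n)}\b", code) for n in names)

def scan_diff(diff_text):
    """Toy pre-merge checker (constructed example, not the Review skill's own code).
    Returns (path, new_line_no, rule, code) for each flagged added line."""
    findings, path, line_no, tainted = [], None, 0, set()
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path, tainted = raw[4:].strip().removeprefix("b/"), set()  # taint tracked per file
            continue
        if (m := HUNK.match(raw)):
            line_no = int(m.group(1))           # first line number on the new side
            continue
        if raw.startswith(("-", "\\")):
            continue                            # removed lines / "\ No newline" are not in the new file
        code = raw[1:]                          # drop the ' ' / '+' marker column
        a = ASSIGN.match(code)
        if a and (USER_SOURCE.search(a.group(2)) or _mentions(tainted, a.group(2))):
            tainted.add(a.group(1))             # context lines feed taint; only added lines get flagged
        if raw.startswith("+"):
            if INTERPOLATED_SQL.search(code):
                findings.append((path, line_no, "sql-string-interpolation", code.strip()))
            if SYSTEM_POSITION.search(code) and (USER_SOURCE.search(code) or _mentions(tainted, code)):
                findings.append((path, line_no, "llm-system-role-from-user", code.strip()))
        line_no += 1
    return findings

# Constructed sample diff: the unchanged `term` line seeds the taint set for the added lines below it.
SAMPLE_DIFF = """\
--- a/api/search.py
+++ b/api/search.py
@@ -10,2 +10,4 @@ def search(request):
     term = request.args.get("q")
-    rows = db.execute("SELECT * FROM items WHERE name = ?", (term,))
+    rows = db.execute(f"SELECT * FROM items WHERE name = '{term}'")
+    role = request.args.get("role", "assistant")
+    client = LLMClient(system_role=role)
"""
```

`scan_diff(SAMPLE_DIFF)` reports the f-string query on line 11 and the system_role argument on line 13; the parameterized query that was removed is not reported. A real implementation would need cross-file data-flow rather than this single-file, line-level heuristic.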