code-review-general
Code Review General
Overview
Use this skill for structured merge-readiness review across correctness, readability, maintainability, and change risk.
Scope Boundaries
- Use this skill when the task matches the trigger condition described in
description. - Do not use this skill when the primary task falls outside this skill's domain.
Inputs To Gather
- Diff scope, affected modules, and runtime impact.
- Change intent and acceptance criteria.
- Related incidents/bugs and known fragile areas.
- Existing test coverage and missing verification.
Deliverables
- Prioritized findings list (severity, rationale, evidence).
- Open questions and risk assumptions.
- Minimal change summary and test/verification gaps.
Finding Format (Required)
Use this structure for each finding:
severity: blocker/high/medium/lowlocation: file + lineissue: concrete defect/riskimpact: why this mattersfix: root-cause-oriented recommendation
Quick Review Heuristics
- Correctness: state transitions, edge-case handling, error propagation.
- Maintainability: naming clarity, duplication, boundary responsibility.
- Safety: hidden fallbacks, implicit defaults, brittle conditionals.
- Verification: missing tests for new branches/failure paths.
Quality Standard
- Findings are evidence-based and tied to changed code.
- Severity reflects user/business impact, not stylistic preference.
- Recommendations address root causes, not cosmetic patches.
- Residual risks and untested paths are explicitly called out.
Workflow
- Build change context and identify high-risk areas.
- Review for correctness and behavioral regressions.
- Review maintainability and architectural fit.
- Assess verification sufficiency and operational risk.
- Publish findings first, then questions, then concise summary.
Failure Conditions
- Stop when critical correctness issues block safe merge.
- Escalate when required context or evidence is unavailable for high-risk changes.
More from kentoshimizu/sw-agent-skills
graph-algorithms
Graph algorithm workflow for modeling entities/relations and selecting traversal, path, ordering, or flow strategies. Use when correctness or performance depends on graph representation and algorithm choice; do not use for schema-only modeling or deployment topology planning.
14bash-style-guide
Style, review, and refactoring standards for Bash shell scripting. Trigger when `.sh` files, files with `#!/usr/bin/env bash` or `#!/bin/bash`, or CI workflow blocks with `shell: bash` are created, modified, or reviewed and Bash-specific quality controls (quoting safety, error handling, portability, readability) must be enforced. Do not use for generic POSIX `sh`, PowerShell, or language-specific application style rules. In multi-language pull requests, run together with other applicable `*-style-guide` skills.
11architecture-clean-architecture
Clean Architecture workflow for enforcing dependency direction, stable domain boundaries, and use-case-centered application design. Use when teams must separate business rules from frameworks and delivery mechanisms; do not use for isolated module cleanup without boundary implications.
11powershell-style-guide
Style, review, and refactoring standards for PowerShell scripting. Trigger when `.ps1`, `.psm1`, `.psd1` files, or CI workflow blocks with `shell: pwsh` or `shell: powershell` are created, modified, or reviewed and PowerShell-specific quality controls (error handling, parameter validation, readability, operational safety) must be enforced. Do not use for Bash, generic POSIX `sh`, or language-specific application style rules. In multi-language pull requests, run together with other applicable `*-style-guide` skills.
10github-codeowners-management
Govern CODEOWNERS rules so review routing reflects real ownership and risk boundaries on GitHub. Use when repository ownership mapping or mandatory reviewer rules must be defined, updated, or audited; do not use for non-GitHub runtime architecture or data-layer design.
9security-authentication
Security workflow for authentication architecture, credential lifecycle, and session/token assurance. Use when login, identity proofing, MFA, or session security decisions are required; do not use for authorization policy design or non-security quality tuning.
9