code-review-checklist
Code Review Checklist
Quick Review Checklist
Correctness
- Code does what it's supposed to do
- Edge cases handled
- Error handling in place
- No obvious bugs
Security
- Input validated and sanitized
- No SQL/NoSQL injection vulnerabilities
- No XSS or CSRF vulnerabilities
- No hardcoded secrets or sensitive credentials
- AI-Specific: Protection against Prompt Injection (if applicable)
- AI-Specific: Outputs are sanitized before being used in critical sinks
Performance
- No N+1 queries
- No unnecessary loops
- Appropriate caching
- Bundle size impact considered
Code Quality
- Clear naming
- DRY - no duplicate code
- SOLID principles followed
- Appropriate abstraction level
Testing
- Unit tests for new code
- Edge cases tested
- Tests readable and maintainable
Documentation
- Complex logic commented
- Public APIs documented
- README updated if needed
AI & LLM Review Patterns (2025)
Logic & Hallucinations
- Chain of Thought: Does the logic follow a verifiable path?
- Edge Cases: Did the AI account for empty states, timeouts, and partial failures?
- External State: Is the code making safe assumptions about file systems or networks?
Prompt Engineering Review
// ❌ Vague prompt in code
const response = await ai.generate(userInput);
// ✅ Structured & Safe prompt
const response = await ai.generate({
system: "You are a specialized parser...",
input: sanitize(userInput),
schema: ResponseSchema
});
Anti-Patterns to Flag
// ❌ Magic numbers
if (status === 3) { ... }
// ✅ Named constants
if (status === Status.ACTIVE) { ... }
// ❌ Deep nesting
if (a) { if (b) { if (c) { ... } } }
// ✅ Early returns
if (!a) return;
if (!b) return;
if (!c) return;
// do work
// ❌ Long functions (100+ lines)
// ✅ Small, focused functions
// ❌ any type
const data: any = ...
// ✅ Proper types
const data: UserData = ...
Review Comments Guide
// Blocking issues use 🔴
🔴 BLOCKING: SQL injection vulnerability here
// Important suggestions use 🟡
🟡 SUGGESTION: Consider using useMemo for performance
// Minor nits use 🟢
🟢 NIT: Prefer const over let for immutable variable
// Questions use ❓
❓ QUESTION: What happens if user is null here?
More from tai-ch0802/skills-bundle
sdd
Spec-Driven Development (SDD): A structured workflow (Requirement -> Analysis -> Implementation) enforcing explicit documentation before coding.
13code-quality
Pragmatic coding standards and code review guidelines. Covers naming, functions, anti-patterns, review checklists, and AI-specific review patterns. Replaces clean-code + code-review-checklist.
12testing-mastery
Unified testing skill — TDD workflow, unit/integration patterns, E2E/Playwright strategies. Replaces tdd-workflow + testing-patterns + webapp-testing.
10prd
Guidelines and templates for creating effective Product Requirement Documents (PRD), bridging the gap between business goals and technical implementation.
8skill-creator
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, update or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.
8frontend-design
Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, artifacts, posters, or applications (examples include websites, landing pages, dashboards, React components, HTML/CSS layouts, or when styling/beautifying any web UI). Generates creative, polished code and UI design that avoids generic AI aesthetics.
7