Review code or branches for correctness, compatibility, architecture, tests, performance, and security.
The material indicates a code-review-oriented prompt workflow, and the system flags it as prompt-only with no secrets and no remote endpoints, so the overall risk is low. Its description suggests reading git diffs and delegating to sub-agents, but the provided material shows no clear red flags such as data exfiltration, privilege escalation, or unauditable closed-source behavior.
The material explicitly states that no keys or environment variables are required. There is no request for API tokens, cloud credentials, or account secrets, and no sign of credential harvesting behavior, so credential exposure appears low.
The system metadata lists no remote endpoints. The only network-related behavior in the document is ordinary git remote synchronization semantics such as origin/main, with no stated transfer of user code or data to third-party services and no unknown egress destination.
The README explicitly includes command-style steps such as git fetch, git log, and git diff, and mentions spawning Breaker/API Analyst sub-agents. This indicates an intended local review workflow or task orchestration. Such local command/orchestration behavior is a normal capability for this type of skill, and the material shows no request for system privileges beyond code review needs.
This skill is meant for code review and, per the description, would read branch diffs, commit history, and in Deep mode full changed files. That implies access to local repository contents, but the scope is broadly consistent with its stated purpose, with no indication of reading unrelated directories, sensitive system files, or extra resources.
The source is on GitHub and marked open-source, which is a meaningful risk reducer because the code can be audited. However, the provided repository link is not obviously aligned with the skill name/purpose, and the license is unspecified, stars are 0, and maintenance status is unknown, so supply-chain trust is moderate and should be verified against the actual repository contents and upkeep.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "review" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/FluidFramework/main/.claude/skills/review/SKILL.md 2. Save it as ~/.claude/skills/review/SKILL.md 3. Reload skills and tell me it's ready
Please do a full code review of this feature branch, focusing on logic correctness, API compatibility, architectural soundness, test coverage, performance risks, and security issues. Provide fix suggestions prioritized by severity.
A structured review report listing issues found, impact, severity, and specific fix recommendations.
Please review these API changes, determine whether they break backward compatibility, whether they follow existing naming and conventions, and identify where consumers may be affected.
Review feedback on compatibility and conventions, including potential breaking changes and improvement options.
Help me review this set of code changes before merge. Find missing tests, performance bottlenecks, duplicated implementations, and security issues, then provide a recommendation on whether it should be merged.
A pre-merge review conclusion with a risk summary, required fixes, and a merge recommendation.
/review # review current branch vs main
/review my-feature-branch # review a specific branch vs main
Spawns dedicated Breaker (correctness) and API Analyst (compatibility/conventions) sub-agents in parallel while the orchestrator performs the Inspector pass (architecture, tests, performance, security). Depth is user-selected.
Optimize for high-confidence, concise findings. Silence is better than speculation.
Target: $ARGUMENTS
Parse $ARGUMENTS:
my-feature-branch) -> diff that branch vs mainBefore doing anything, ask the user:
I can run a code review on your branch. Pick a depth (fastest to slowest):
- Skip — skip the review
- Quick — single-pass by orchestrator, all areas, no sub-agents
- Standard — full swarm: Breaker + API Analyst sub-agents + Inspector
- Deep — Standard + reads full changed files (not just diffs) for deeper analysis
Wait for the user's response. If they say skip, stop here.
<required> Immediately after the user picks a mode, create one task per applicable step using TaskCreate — before doing any other work. Mark each task in_progress when you start it and completed when you finish.Tasks to create by mode:
git fetch origin main && git log origin/main..HEAD --oneline && git diff --stat origin/main...HEAD
If a branch name was provided as argument, replace HEAD with origin/<branch-name> and add it to the fetch:
git fetch origin main <branch-name> && git log origin/main..origin/<branch-name> --oneline && git diff --stat origin/main...origin/<branch-name>
If on main and no branch name was provided, ask the user which branch to review.
Store the commit log, file list from --stat, and total $LINES_CHANGED.
Empty diff gate: Zero changed files -> report "No changes to review" and stop.
Size gate: >10,000 lines changed -> ask user to narrow scope before proceeding.
Exclude non-reviewable files from the file list: type declarations (.d.ts), lockfiles (pnpm-lock.yaml, package-lock.json), images, fonts, binaries, .map files, and generated API report files (*.api.md).
Read per-file diffs in batches (~50 files or ~500 changed lines per batch, whichever is smaller):
git diff origin/main...HEAD -- <file1> <file2> ...
For named branches, use origin/main...origin/<branch>.
After reading diffs, identify files where fuller context is needed — typically where the change touches a function that references shared state, calls other functions in the same file, or has fragmented hunks. Read those files in one batch using the Read tool.
Read every changed file in full (the version on the review branch). Use git show HEAD:<file> or git show origin/<branch>:<file> as appropriate.
If a change threads a new prop, callback, flag, or data field through a shared component or helper, read every changed call site and adjacent wrapper that accepts or forwards it.
…
Generate Fluid-style PR content, push branches, and open GitHub pull requests.
Explains how to use abilities effectively before starting any conversation.
Break large, long-running tasks into manageable chunks and preserve context.
Turn rough ideas into actionable designs through structured questioning and validation.
Draft and review Fluid Framework PR titles and descriptions consistently.
Update technical documentation after code changes are completed.
Review code deeply across correctness, tests, security, performance, and product quality.
Run a structured code review before commit or release on local or PR branches.
Trigger a code review against plans or requirements before moving forward.
Run multi-model reviews for code changes, PRs, and risky edits.
Simulate a multi-agent engineering team to review code for quality and risks.
Review code, suggest refactors, and generate tests with AI assistance.