Review code deeply across correctness, tests, security, performance, and product quality.
The material indicates this is an open-source, prompt-only code review skill with no required secrets and no declared remote endpoints, so overall risk is low. Some caution is warranted because the instructions mention reading code context, running tests, and saving session memory, but based on the material these appear to be workflow guidance rather than built-in executable capability.
The material explicitly states that no keys or environment variables are required, and it does not ask the user for tokens, API keys, or other sensitive credentials, so credential exposure and abuse risk appears low.
No remote endpoints are declared, and the system flags it as prompt-only; the material does not describe sending code or user data to external services.
The README says subagents can 'read files and inspect changes' and, for test-related reviews, 'run tests,' and also mentions saving to session memory; this suggests it expects the host agent toolchain to perform local inspection, but the skill itself does not appear to package executable code.
Its purpose is to review PRs, git diffs, branches, and file sets, and save synthesized findings to `/memories/session/review.md`; this means it may access project code and session-level review results, but there is no sign of permissions beyond its stated purpose.
The source is a Microsoft GitHub repository and the system marks it as open-source, making the code auditable—this is a strong risk-reducing factor. Although it has 0 stars, no declared license, and unknown maintenance status, the current material shows no specific supply-chain red flags such as closed-source data exfiltration or suspicious install scripts.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "review-areas" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/vscode-team-kit/main/review-areas/skills/review-areas/SKILL.md 2. Save it as ~/.claude/skills/review-areas/SKILL.md 3. Reload skills and tell me it's ready
Review this code change from five angles: correctness, test coverage, security risks, performance impact, and product behavior. List issues, risk levels, reasons, and provide actionable fixes plus suggested additional tests.
A structured review report with issue lists, priorities, fix recommendations, and extra test suggestions.
This refactor seems to work on the surface, but I worry about hidden bugs. Review the code like a senior reviewer, focusing on edge cases, error handling, concurrency issues, regression risks, and missing tests.
A list of potential defects and regression risks, with reproduction ideas and fix directions.
Assess whether this set of changes is release-ready: check for high-risk logic errors, insufficient tests, security concerns, performance regressions, or behavior that conflicts with product expectations, and conclude whether you recommend merging.
A pre-release review conclusion including merge recommendation, blocking issues, and suggested resolution order.
Fan out parallel read-only subagents, each assigned a different review area, then synthesize the highest-signal findings. This surfaces issues that a single-pass review misses because each subagent goes deep on its area instead of skimming everything.
Pick 2–4 areas based on the nature of the change. Not every review needs all areas — match the areas to the risk profile.
| Area | When to include | Focus |
|---|---|---|
| Correctness | Always | Logic errors, type safety, race conditions, null/undefined paths, unsafe casts, wrong behavior |
| Tests | When tests exist or should exist | Run tests, check failing/missing coverage, validate assertions match intent |
| Security | Auth, input handling, data flow changes | Input validation, auth checks, injection, data exposure |
| Performance | Hot paths, data structures, async changes | Algorithm complexity, unnecessary allocations, blocking async patterns |
| Product | UI, UX, or user-facing behavior changes | UX implications, feature completeness, accessibility gaps |
Before fanning out, build a concise change summary. Do not paste raw diffs into the subagent prompts — each subagent has tools to read files and inspect changes itself.
The summary should include:
Keep the summary under ~50 lines. Subagents get better results reading code in context than scanning a wall of diff.
Launch 2–4 parallel subagents using the area prompts below. Each subagent works in isolation — do not share one area's findings with another before synthesis.
Use unnamed subagents (no custom agent needed). Each gets a self-contained prompt with its area, the change summary, and the return format.
When all subagents return:
Always save the synthesized findings to session memory at /memories/session/review.md. This makes them available for follow-up turns, fix planning, and cross-referencing with future reviews.
Explore subagents to investigate the fix — this is faster and deeper than reading files inline. Give each Explore agent the finding, the relevant file paths, and ask it to return the specific change needed (what to replace, where).Keep only findings a senior engineer would block a PR for:
…
Let AI agents read and write memory with environment-aware storage fallback.
Gather independent multi-model plans and debates for implementation and architecture decisions.
Get high-signal second opinions on plans, designs, and implementations early.
Create and manage AST ban rules to block specific code syntax patterns.
Analyze VS Code rolling build health and identify breaking commit ranges.
Add emoji reactions to GitHub issues or pull requests quickly.
Run multi-model reviews for code changes, PRs, and risky edits.
Review code or branches for correctness, compatibility, architecture, tests, performance, and security.
Run a structured code review before commit or release on local or PR branches.
Review skill PRs with severity-rated feedback on quality and repository conventions.
Review security risks for auth, inputs, secrets, APIs, and sensitive features.
Review implementation plans for gaps, assumptions, and sequencing before coding starts