Initial commit

skills/code-review/SKILL.md

@@ -0,0 +1,58 @@
+# Code Review
+
+Provide constructive, actionable feedback on security, correctness, performance, and maintainability.
+
+## Review Dimensions
+
+| Dimension | Key Checks |
+|-----------|------------|
+| **Security** | Injection (SQL, XSS, command), auth gaps, data exposure, CORS, SSRF |
+| **Correctness** | Logic errors, edge cases, race conditions, off-by-one |
+| **Performance** | O(n²) loops, N+1 queries, memory leaks, missing indexes |
+| **Readability** | Naming, nesting depth, magic numbers, DRY |
+| **Error Handling** | Silent swallowing, missing cleanup, unhelpful messages |
+| **Testability** | Tight coupling, hidden dependencies, side effects |
+
+## Severity Levels
+
+| Level | Criteria | Action |
+|-------|----------|--------|
+| 🔴 CRITICAL | Security vulns, data loss, crashes | Block merge |
+| 🟠 HIGH | Bugs, performance issues | Fix before merge |
+| 🟡 MEDIUM | Code smells, refactoring | Fix soon |
+| 🟢 LOW | Style, alternatives | Optional |
+
+## Output Format
+
+```markdown
+## Summary
+[2-3 sentences: quality, strengths, concerns]
+
+## 🔴 Critical Issues
+**Location:** file.js:42
+**Issue:** SQL injection
+**Impact:** Data breach
+**Fix:** Use parameterized query
+\`\`\`js
+// Before
+db.query(`SELECT * FROM users WHERE id = ${id}`)
+// After
+db.query('SELECT * FROM users WHERE id = ?', [id])
+\`\`\`
+
+## 🟠 High Priority
+[Same format]
+
+## 🟡/🟢 Other
+[Same format]
+
+## ✅ Positive
+[Good patterns observed]
+```
+
+## Principles
+
+- Specific locations, not vague criticism
+- Explain impact, not just what's wrong
+- Code examples for fixes
+- Balance criticism with recognition