platform.gitlab.security-review-policy
Use for security review of GitLab MR or commit diffs.
Best use case
platform.gitlab.security-review-policy is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using platform.gitlab.security-review-policy should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/security-review-policy/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How platform.gitlab.security-review-policy Compares
| Feature / Agent | platform.gitlab.security-review-policy | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use for security review of GitLab MR or commit diffs.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Security Review Policy

Prioritize concrete exploit paths:

- untrusted input reaching command execution, filesystem, network, SQL, templates, eval-like APIs, or deserialization.
- secret exposure in logs, comments, config, prompts, artifacts, or errors.
- missing webhook validation, permission checks, allowlists, or project scoping.
- unsafe token scopes or write-back behavior.

Avoid generic advice. Findings must name the affected path and the failing guard.
Related Skills
platform.gitlab.verification-matrix
Use to plan minimal QA checks for GitLab review findings.
platform.gitlab.subagent-prompts.tech-architect
Prompt template for the GitLab review technical architecture custom subagent.
platform.gitlab.subagent-prompts.spec-writer
Prompt template for the GitLab review discovery and spec context custom subagent.
platform.gitlab.subagent-prompts.security-agent
Prompt template for the GitLab review security custom subagent.
platform.gitlab.subagent-prompts.risk-qa
Prompt template for the GitLab review QA and risk custom subagent.
platform.gitlab.subagent-prompts.frontend-designer
Prompt template for the GitLab review frontend design custom subagent.
platform.gitlab.subagent-prompts.developer
Prompt template for the GitLab review developer custom subagent.
platform.gitlab.subagent-prompts.auto-fixer
Prompt template for the GitLab review auto fixer custom subagent.
platform.gitlab.spec-gate-review
Use to decide whether a GitLab review has enough product and technical context to proceed.
platform.gitlab.review-finding-schema
Use to produce structured GitLab code review findings and the final GitLab review result.
platform.gitlab.pm-risk-routing
Use to choose which custom subagents should be created for a GitLab review run.
platform.gitlab.gitlab-mr-review-workflow
Use for GitLab merge request review runs triggered by @Nine1bot comments or merge request webhooks.