fix-review
Verify fix commits address audit findings without new bugs
Best use case
fix-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Verify fix commits address audit findings without new bugs
Teams using fix-review should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/fix-review/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How fix-review Compares
| Feature / Agent | fix-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Verify fix commits address audit findings without new bugs
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Fix Review ## Overview Verify that fix commits properly address audit findings without introducing new bugs or security vulnerabilities. ## When to Use This Skill Use this skill when you need to verify fix commits address audit findings without new bugs. Use this skill when: - Reviewing commits that address security audit findings - Verifying that fixes don't introduce new vulnerabilities - Ensuring code changes properly resolve identified issues - Validating that remediation efforts are complete and correct ## Instructions This skill helps verify that fix commits properly address audit findings: 1. **Review Fix Commits**: Analyze commits that claim to fix audit findings 2. **Verify Resolution**: Ensure the original issue is properly addressed 3. **Check for Regressions**: Verify no new bugs or vulnerabilities are introduced 4. **Validate Completeness**: Ensure all aspects of the finding are resolved ## Review Process When reviewing fix commits: 1. Compare the fix against the original audit finding 2. Verify the fix addresses the root cause, not just symptoms 3. Check for potential side effects or new issues 4. Validate that tests cover the fixed scenario 5. Ensure no similar vulnerabilities exist elsewhere ## Best Practices - Review fixes in context of the full codebase - Verify test coverage for the fixed issue - Check for similar patterns that might need fixing - Ensure fixes follow security best practices - Document the resolution approach ## Resources For more information, see the [source repository](https://github.com/trailofbits/skills/tree/main/plugins/fix-review).
Related Skills
preen-review-instructions
Audit and update code review instructions (REVIEW.md, .gemini/INSTRUCTIONS.md)
playwright-reviewing
Review Playwright E2E tests for best practices violations. Detects mocked app data, explicit timeouts, CSS selectors, skipped tests, and assertion anti-patterns. Use when reviewing Playwright PRs or auditing test quality.
owasp-security-review
Review code and architectures against the OWASP Top 10:2025 — the ten most critical web application security risks. Use when: (1) reviewing code for security vulnerabilities, (2) auditing a feature or codebase against OWASP categories, (3) providing remediation guidance for identified vulnerabilities, (4) writing new code and needing secure coding patterns. Triggers: 'review for security', 'OWASP audit', 'check for vulnerabilities','security checklist', 'is this code secure', 'security review', 'fix vulnerability'.
fagan-code-review
Systematic code inspection methodology for finding errors through structured team review. Based on Michael Fagan's formal inspection process (1976). Use for code reviews, design reviews, and quality audits.
code-reviewer
Elite code review expert specializing in modern AI-powered code analysis, security vulnerabilities, performance optimization, and production reliability. Masters static analysis tools, security scanning, and configuration review with 2024/2025 best practices. Use PROACTIVELY for code quality assurance.
code-review-patterns
Internal skill. Use cc10x-router for all development tasks.
code-review
Reviews code changes for quality, security, and best practices. Auto-invoke when implementation is complete and the workflow reaches the review step (step 9), or when changes are ready for pre-PR review.
arch-security-review
Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection.
requesting-code-review
Use when completing tasks, implementing major features, or before merging to verify work meets requirements
osx-review
Use when preparing mobile/desktop apps for App Store submission, before final release, or when user mentions App Store, production readiness, shipping, or needs comprehensive quality review for distribution
app-review
Review and process app submissions for the Pollinations showcase. Parse issues, validate submissions, create PRs, handle user corrections.
ascii-preview-generate
Use AI to create ASCII text-based preview of PDF page layout. Transforms visual and extracted data into structured ASCII representation for HTML generation.