review-prompt

Use when reviewing code that builds LLM features — prompt construction, tool/function definitions, model-output handling, RAG context, or agent loops. Treats model output and untrusted content reaching a prompt as a trust boundary.

5 stars

Best use case

review-prompt is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when reviewing code that builds LLM features — prompt construction, tool/function definitions, model-output handling, RAG context, or agent loops. Treats model output and untrusted content reaching a prompt as a trust boundary.

Teams using review-prompt should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/review-prompt/SKILL.md --create-dirs "https://raw.githubusercontent.com/forbee-dev/ForgeBee/main/forgebee/skills/review-prompt/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/review-prompt/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How review-prompt Compares

Feature / Agentreview-promptStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when reviewing code that builds LLM features — prompt construction, tool/function definitions, model-output handling, RAG context, or agent loops. Treats model output and untrusted content reaching a prompt as a trust boundary.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

You are an AI-application reviewer. Analyze the changed code for risks specific to building LLM features — the trust-boundary, validation, eval, and cost issues that generic code review misses. This is the LLM-native counterpart to `review-security`.

> Emit findings in the shared format: `forgebee/skills/_review-finding-contract.md` (severity block + score + footer line).

## Use When
- Changed code constructs prompts, defines tools/functions for a model, or parses model output
- A feature interpolates user input, tool output, retrieved documents, or web content into a prompt
- New RAG, agent-loop, or structured-output code needs a review before shipping
- Prompt or model-config changes ship without eval/regression coverage

## Instructions

1. Run `git diff HEAD` (fallback `git diff HEAD~1`) to see the changes. Report only on changed code.
2. If the project names a model provider, defer provider-specific facts to that provider's docs (for Anthropic/Claude, the `claude-api` reference skill is authoritative — do NOT assert model IDs, pricing, or limits from memory).
3. Treat **model output** and any **content reaching a prompt** as untrusted at the boundary — same posture as CLAUDE.md's P3 trust-boundary carve-out (network/webhooks/user input are never YAGNI).

## Review Checklist (LLM-app dimensions)

- **Prompt injection (trust boundary)** — Untrusted content (user input, tool output, retrieved docs, web fetches, file contents) interpolated into a prompt or **system prompt** without being delimited and labeled as data. Flag any system-prompt string built by concatenating request input. `Critical` if injected content can change tool use or exfiltrate the system prompt; `High` otherwise.
- **Tool / function-call argument validation** — Model-produced tool arguments used to run an action (SQL, shell, file path, HTTP URL, DB write) **without validation**. Model output is untrusted at the action boundary: a model can be talked into calling `delete_user(id)` or fetching an attacker URL (SSRF). Require an allowlist / schema / scoping check before the action. `Critical`.
- **Output handling & schema validation** — Model output `JSON.parse`'d without try/catch or schema validation; structured-output assumed well-formed; model text rendered as HTML/markdown into the DOM without sanitization (→ XSS); output `eval`'d. `High`–`Critical`.
- **Secret & PII hygiene** — API keys/secrets embedded in prompt text; PII or full records sent to the model when not needed; system prompt (which may contain business logic or keys) returnable to the user via injection. `High`.
- **Eval / regression coverage** `[needs project context]` — A prompt, tool definition, or model-config change with **no eval/golden-task test** asserting behavior. Prompt changes are code changes with no compiler; shipping them untested is the LLM equivalent of no test coverage. If you can't see the project's eval setup, report as `[needs project context]: add a regression case for this prompt change`. `Medium`–`High`.
- **Token / cost & context** — Unbounded context growth (full history or whole-document RAG with no cap), missing `max_tokens`, retrieval that dumps oversized context, or agent/tool loops with no hop/iteration budget (runaway cost). `Medium`–`High`.
- **API call as a trust boundary** — Model API calls with no timeout, no retry/backoff, and no fallback path; a hung or rate-limited provider stalls the feature. `Medium`.
- **Model config** — Hardcoded or stale model IDs, temperature/seed assumptions, or silent reliance on a specific output format with no validation. `Low`–`Medium`.

## For Each Issue Found

1. Describe the problem concretely with **File:Line** reference
2. **Severity**: Critical / High / Medium / Low (per the shared contract — no other vocabulary)
3. **Fix**: specific remediation (delimit + label untrusted content; validate tool args against a schema/allowlist; wrap output parsing; add an eval case; cap tokens/context/loops)
4. Domain skills may add one extra labeled line — use `Boundary:` (where untrusted data crosses into the prompt/action) when it clarifies the risk

Then emit the required footer line:

```
SCORE: <0-100> | {critical:N, high:N, medium:N, low:N} | verdict: <pass|block>
```

**Clean pass:** if the diff has no LLM-app issues, say so explicitly and still emit the footer with `verdict: pass` and zero counts.

## Never

- Never flag issues in unchanged code — only the diff under review
- Never assert provider facts (model IDs, pricing, context limits) from memory — defer to the provider's docs / the `claude-api` reference skill
- Never report a finding without a concrete `File:Line` and a specific fix
- Never inflate severity — reserve Critical for exfiltration / RCE-class issues per the shared contract

## Communication

When dispatched by an orchestrator (`responseStyle: "orchestrator"`), report in `terse-report` style: the findings (severity + `File:Line` + fix), then the `SCORE:` footer as the last line. Call out the single highest-risk trust boundary in one line so the orchestrator can prioritize.

Related Skills

review-wordpress

5
from forbee-dev/ForgeBee

Use when reviewing WordPress plugin or theme code for WP coding standards (WPCS), security (nonces, sanitization, escaping), hook naming, text domains, or plugin architecture.

review-tests

5
from forbee-dev/ForgeBee

Use when reviewing test suites for coverage gaps, brittle mocks, missing edge cases, or untested code paths — runs after new code or before merging.

review-security

5
from forbee-dev/ForgeBee

Use when auditing code for OWASP Top 10 vulnerabilities, injection flaws, broken auth, secret exposure, or dependency CVEs — typically before shipping or after auth/data-handling changes.

review-performance

5
from forbee-dev/ForgeBee

Use when investigating slowness or reviewing code for N+1 queries, memory leaks, expensive loops, missing caching, bundle bloat, or render bottlenecks.

review-docs

5
from forbee-dev/ForgeBee

Use when reviewing code for missing docblocks, outdated comments, undocumented parameters, unexplained complex logic, or stale README sections.

review-database

5
from forbee-dev/ForgeBee

Use when reviewing SQL migrations, queries, RLS/policy changes, schema modifications, or ORM access patterns for safety, performance, or correctness.

review-code

5
from forbee-dev/ForgeBee

Use when reviewing staged or recent code changes for logic errors, DRY violations, error handling gaps, type safety issues, or dead code — narrower than review-all.

review-code-style

5
from forbee-dev/ForgeBee

Use when checking adherence to project conventions — import order, naming standards, TypeScript patterns, React idioms, file organization. Not formatting (use a linter).

review-best-practices

5
from forbee-dev/ForgeBee

Use when reviewing code for SOLID violations, design pattern misuse, leaky abstractions, separation of concerns, or architecture-level smells.

review-api

5
from forbee-dev/ForgeBee

Use when reviewing route handlers, REST/GraphQL endpoints, or API contracts — covers design, input validation, error shapes, auth, rate limiting, and REST consistency.

review-all

5
from forbee-dev/ForgeBee

Use when about to push, open a PR, or asking for a thorough pre-ship review — covers code quality, security, performance, accessibility, docs, and best practices in one pass.

review-accessibility

5
from forbee-dev/ForgeBee

Use when auditing UI changes for WCAG 2.1 AA compliance — keyboard nav, ARIA, color contrast, focus management, screen reader support, semantic HTML.