github-code-review
Practical GitHub code review workflow with local diff inspection, PR review, inline comments, approval/request-changes decisions, and optional multi-agent review overlays.
Best use case
github-code-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Practical GitHub code review workflow with local diff inspection, PR review, inline comments, approval/request-changes decisions, and optional multi-agent review overlays.
Teams using github-code-review should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/code-review/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How github-code-review Compares
| Feature / Agent | github-code-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Practical GitHub code review workflow with local diff inspection, PR review, inline comments, approval/request-changes decisions, and optional multi-agent review overlays.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# GitHub Code Review ## Overview Use this skill when reviewing commits or pull requests on GitHub. It combines the repo's multi-agent review intent with the concrete gh-driven workflow from Hermes. ## Quick Start ```bash # View PR metadata gh pr view 123 --json files,additions,deletions,title,body,author # Review diff gh pr diff 123 # Check out locally if needed gh pr checkout 123 # Approve gh pr review 123 --approve --body "APPROVE: looks good." # Request changes gh pr review 123 --request-changes --body "MAJOR: please address the items below." # Comment only gh pr review 123 --comment --body "MINOR: a few follow-ups below." ``` ## When to Use - Review pull requests before merge - Review a local diff before opening a PR - Leave inline GitHub comments on specific files/lines - Perform adversarial review for security, performance, architecture, and test quality - Run a multi-agent review where Codex/Codex/Gemini each provide a distinct perspective ## Review Workflow 1. Inspect scope - `gh pr view <N> --json files,additions,deletions,title,body` - `gh pr diff <N>` 2. Pull locally when needed - `gh pr checkout <N>` - run tests, linters, or targeted repro steps 3. Review against checklist below 4. Leave review comments 5. Submit verdict ## Review Checklist - Correctness - Does the change do what the issue/plan requires? - Any broken edge cases or regressions? - Security - Injection risks? - Missing auth/validation? - Secrets or unsafe defaults? - Quality - Names, structure, duplication, maintainability - Testing - Meaningful coverage? - TDD evidence or regression test? - Performance - Obvious N+1, excessive scans, slow paths, unnecessary allocations - Documentation - Need updates to README, AGENTS, docs, comments, or migration notes? ## Local Diff Review Use this before PR creation or when GitHub is unavailable: ```bash git diff --stat main...HEAD git diff main...HEAD ``` Recommended review summary format: ```text Summary: <1-3 sentences> Critical Issues: - <must-fix item> Important Issues: - <should-fix item> Minor Issues: - <nice-to-have> Strengths: - <what is good> Verdict: APPROVE | MINOR | MAJOR | REJECT ``` ## Inline Commenting ```bash gh api repos/:owner/:repo/pulls/123/comments \ -f body='Potential null dereference here.' \ -f commit_id='SHA' \ -f path='src/module.py' \ -F line=42 ``` A reusable review output template is preserved at: - `references/review-output-template.md` ## Multi-Agent Review Mode Use this when you want more than one reviewer: - Codex: orchestration, architecture, synthesis - Codex: adversarial code review, implementation-focused criticism - Gemini: third-lane synthesis, alternate perspective, large-context review Treat the final decision as the merged outcome of all collected reviews, not just the first positive response. ## Verdict Guidance - APPROVE - No meaningful issues found; safe to merge - MINOR - Small follow-ups or polish items; merge can proceed with discretion - MAJOR - Significant correctness, security, testing, or architecture concerns; fix before merge - REJECT - Fundamentally unsafe, mis-scoped, or not ready for merge ## Supplemental Generic Review Checklist This checklist was preserved from the former `software-development/code-review` path during deduplication. ### 1. Security First - [ ] No hardcoded secrets, API keys, or credentials - [ ] Input validation on all user-provided data - [ ] SQL queries use parameterized statements (no string concatenation) - [ ] File operations validate paths (no path traversal) - [ ] Authentication/authorization checks present where needed ### 2. Error Handling - [ ] All external calls (API, DB, file) have try/catch - [ ] Errors are logged with context (but no sensitive data) - [ ] User-facing errors are helpful but don't leak internals - [ ] Resources are cleaned up in finally blocks or context managers ### 3. Code Quality - [ ] Functions do one thing and are reasonably sized (<50 lines ideal) - [ ] Variable names are descriptive (no single letters except loops) - [ ] No commented-out code left behind - [ ] Complex logic has explanatory comments - [ ] No duplicate code (DRY principle) ### 4. Testing Considerations - [ ] Edge cases handled (empty inputs, nulls, boundaries) - [ ] Happy path and error paths both work - [ ] New code has corresponding tests (if test suite exists) ## Notes - Prefer specific, actionable comments over vague criticism - Cite file paths and line ranges when possible - For high-risk changes, run code/tests locally before approving - Multi-agent review is an overlay, not a substitute for concrete diff inspection
Related Skills
plan-review-prompt-refresh-after-plan-edits
Refresh reviewer prompt files from the latest on-disk plan before every adversarial re-review. Prevents Codex/Gemini from critiquing stale plan text after local edits.
tdd-verification-and-adversarial-review
Verify pre-written TDD tests pass, conduct adversarial code review on committed diffs, and route findings to existing issues
tax-filing-session-setup-with-github-tracking
Structured workflow for preparing and tracking a tax filing session using prepared documents, task checklist, and GitHub issue cross-referencing
tax-filing-session-setup-with-github-traceability
Structured workflow for setting up a multi-file tax filing session with GitHub issue tracking and prepared-file validation
multi-role-agent-contract-review-pipeline
Execute a 4-role agent team (Planner/Architect/Reviewer/Integrator) pipeline for self-reviewing knowledge artifacts before delivery
gsd-adversarial-review-pattern
Catch hidden test failures by running adversarial review on sparse-data edge cases before final push
github-issue-structure-for-personal-finance-tracking
Pattern for organizing financial analysis work across multiple repos (data/config vs. logic separation)
adversarial-code-review-tdd
Systematic adversarial review pattern to identify breaking assumptions in already-passing test suites
adversarial-code-review-for-committed-diffs
Systematic process for reviewing already-committed code changes to catch type inconsistencies, edge cases, and docstring gaps
adversarial-code-review-and-fix
Systematic pattern for catching design flaws in already-passing code through adversarial review, then fixing them with TDD confirmation.
learned-git-worktree-hook-path-and-real-hook-shape-review
Catch hook-installation and governance bugs that only appear in linked git worktrees or against the real generated hook shape, not simplified test fixtures.
ten-agent-pre-plan-review-wave
Launch and verify a 10-agent planning-only wave that moves open GitHub issues into status:plan-review using one isolated worktree per issue, wave-specific continuation cron, and post-run artifact-reconciliation checks.