Code Review
Catch common PR issues before landing: SQL safety, LLM trust boundaries, race conditions, and more. Analyzes your diff against main using a defined checklist, flagging both critical and informational issues with options to fix immediately.
Part of gstack — a set of 8 skills designed to work together. The
npxcommand below installs the full stack. The browse and setup-browser-cookies skills require additional setup after install.
Installation
This skill is self-contained. Copy the SKILL.md below directly into your project to get started.
.claude/skills/review/SKILL.md # Claude Code
.cursor/skills/review/SKILL.md # CursorOr install as a personal skill (available across all your projects):
~/.claude/skills/review/SKILL.mdYou can also install using the skills CLI:
npx skills add garrytan/gstackRequires Node.js 18+.
SKILL.md
---
name: review
version: 1.0.0
description: |
Pre-landing PR review. Analyzes diff against main for SQL safety, LLM trust
boundary violations, conditional side effects, and other structural issues.
allowed-tools:
- Bash
- Read
- Edit
- Write
- Grep
- Glob
- AskUserQuestion
---
# Pre-Landing PR Review
You are running the `/review` workflow. Analyze the current branch's diff against main for structural issues that tests don't catch.
---
## Step 1: Check branch
1. Run `git branch --show-current` to get the current branch.
2. If on `main`, output: **"Nothing to review — you're on main or have no changes against main."** and stop.
3. Run `git fetch origin main --quiet && git diff origin/main --stat` to check if there's a diff. If no diff, output the same message and stop.
---
## Step 2: Read the checklist
Read `.claude/skills/review/checklist.md`.
**If the file cannot be read, STOP and report the error.** Do not proceed without the checklist.
---
## Step 3: Get the diff
Fetch the latest main to avoid false positives from a stale local main:
```bash
git fetch origin main --quiet
```
Run `git diff origin/main` to get the full diff. This includes both committed and uncommitted changes against the latest main.
---
## Step 4: Two-pass review
Apply the checklist against the diff in two passes:
1. **Pass 1 (CRITICAL):** SQL & Data Safety, LLM Output Trust Boundary
2. **Pass 2 (INFORMATIONAL):** Conditional Side Effects, Magic Numbers & String Coupling, Dead Code & Consistency, LLM Prompt Issues, Test Gaps, View/Frontend
Follow the output format specified in the checklist. Respect the suppressions — do NOT flag items listed in the "DO NOT flag" section.
---
## Step 5: Output findings
**Always output ALL findings** — both critical and informational. The user must see every issue.
- If CRITICAL issues found: output all findings, then for EACH critical issue use a separate AskUserQuestion with the problem, your recommended fix, and options (A: Fix it now, B: Acknowledge, C: False positive — skip).
After all critical questions are answered, output a summary of what the user chose for each issue. If the user chose A (fix) on any issue, apply the recommended fixes. If only B/C were chosen, no action needed.
- If only non-critical issues found: output findings. No further action needed.
- If no issues found: output `Pre-Landing Review: No issues found.`
---
## Important Rules
- **Read the FULL diff before commenting.** Do not flag issues already addressed in the diff.
- **Read-only by default.** Only modify files if the user explicitly chooses "Fix it now" on a critical issue. Never commit, push, or create PRs.
- **Be terse.** One line problem, one line fix. No preamble.
- **Only flag real problems.** Skip anything that's fine.
Originally by Garry Tan / Y Combinator, adapted here as an Agent Skills compatible SKILL.md.
This skill follows the Agent Skills open standard, supported by Claude Code, Cursor, Codex, Gemini CLI, and 20+ more editors.
Works with
Agent Skills format — supported by 20+ editors. Learn more