GitHub Review PR Skill

Performs thorough pull request code reviews with multi-perspective analysis. Checks for bugs, security issues, performance problems, test coverage, and style consistency. Generates actionable feedback with inline suggestions.

Skill | Community | code review | v1.0.0 | MIT

Description

This skill reviews GitHub pull requests with the rigor of a senior engineer. It analyzes diffs across multiple dimensions — correctness, security, performance, maintainability, and test coverage — and provides actionable, specific feedback.

Instructions

When the user asks you to review a PR, execute this workflow:

Step 1: Gather Context

```bash
# Get PR details
gh pr view 123 --json title,body,files,additions,deletions,baseRefName,headRefName

# Get the full diff
gh pr diff 123

# Check PR comments and review history
gh api repos/{owner}/{repo}/pulls/123/comments
```

Step 2: Multi-Perspective Analysis

Review the diff through each of these lenses:

Correctness:

  • Logic errors, off-by-one bugs, null/undefined handling
  • Edge cases not covered
  • Race conditions in async code

Security:

  • SQL injection, XSS, CSRF vulnerabilities
  • Hardcoded secrets or credentials
  • Missing input validation or sanitization
  • Improper authentication/authorization checks

Performance:

  • N+1 queries, missing indexes
  • Unnecessary re-renders (React)
  • Large payload sizes, missing pagination
  • Missing caching opportunities

Maintainability:

  • Code clarity and naming
  • DRY violations, excessive complexity
  • Missing or misleading comments
  • Consistent patterns with rest of codebase

Testing:

  • Are new code paths tested?
  • Do tests actually assert the right behavior?
  • Missing edge case tests
  • Test quality (not just coverage)

Step 3: Generate Review

````markdown
## PR Review: #123 — Add user dashboard

### Overall Assessment: APPROVE with suggestions

Solid implementation. The component structure is clean and the API design follows existing patterns well. A few items to address before merging.

### Critical (must fix)

- **src/api/dashboard.ts:42** — SQL query concatenates user input directly. Use parameterized queries to prevent SQL injection:

```typescript
// Instead of:
const query = `SELECT * FROM stats WHERE user_id = '${userId}'`;

// Use:
const query = `SELECT * FROM stats WHERE user_id = $1`;
const result = await db.query(query, [userId]);
```

### Suggestions (nice to have)

- src/components/Dashboard.tsx:78 — Consider memoizing the statsData computation with useMemo since it runs on every render
- src/utils/format.ts:12 — This date formatting logic duplicates what's already in src/utils/dates.ts:34. Import from there instead.

### Positive Notes

- Great test coverage on the API routes
- Clean separation of concerns between data fetching and display
- Good error handling with user-friendly messages

### Test Coverage

- New API routes: Covered (3 tests)
- Dashboard component: Covered (2 tests)
- Edge cases: Missing test for empty data state
````

## Rules

- Always read the full diff before commenting
- Categorize findings: Critical (must fix), Suggestions (nice to have), Questions, Positive notes
- Provide specific line references and code suggestions, not vague feedback
- Acknowledge what's done well — reviews should not be only negative
- Check if the PR description matches what the code actually does
- Verify that tests exist for new functionality
- If the PR is too large (>500 lines), suggest splitting it
- Be respectful and constructive in tone
- Do not nitpick formatting if a linter/formatter is configured
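
One way to mechanize part of Step 2's Security lens together with the line-reference and size rules above, run over the output of `gh pr diff`. This is an added example, not part of the original skill; the function name `review_diff`, the two regex heuristics and the sample diff are constructed assumptions, and it expects git-format diffs.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
# Heuristics for two Security-lens items (assumed patterns, not an exhaustive rule set).
CHECKS = [
    ("SQL built from interpolated or concatenated input",
     re.compile(r"\b(?:SELECT|INSERT|UPDATE|DELETE)\b.*(?:\$\{|['\"]\s*\+)", re.I)),
    ("possible hardcoded secret",
     re.compile(r"(?:password|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]", re.I)),
]
MAX_CHANGED = 500  # split threshold from the Rules section
# Constructed sample in the git format that `gh pr diff` prints; not from a real PR.
SAMPLE_DIFF = """\
diff --git a/src/api/dashboard.ts b/src/api/dashboard.ts
--- a/src/api/dashboard.ts
+++ b/src/api/dashboard.ts
@@ -40,3 +40,5 @@ export async function getStats(userId: string) {
   const db = getPool();
-  const rows = await db.query("SELECT * FROM stats WHERE user_id = $1", [userId]);
+  const apiKey = "constructed-not-a-real-key";
+  const query = `SELECT * FROM stats WHERE user_id = '${userId}'`;
+  const rows = await db.query(query);
   return rows;
"""

def review_diff(diff_text):
    """Return (findings, changed); each finding is (path, new_file_line, message)."""
    findings, changed = [], 0
    path, new_line, in_hunk = None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False  # the next '+++ ' line is a file header, not added code
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            new_line, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            changed += 1
            findings += [(path, new_line, msg) for msg, rx in CHECKS if rx.search(line[1:])]
            new_line += 1
        elif in_hunk and line.startswith("-"):
            changed += 1  # deletions count toward size but not new-file numbering
        elif in_hunk and (line.startswith(" ") or line == ""):
            new_line += 1  # unchanged context line
    return findings, changed

if __name__ == "__main__":
    found, changed = review_diff(SAMPLE_DIFF)
    print(*[f"{p}:{n}: {m}" for p, n, m in found], f"{changed} changed lines (limit {MAX_CHANGED})", sep="\n")
```

Only added lines are scanned, so the parameterized query on the removed line is not reported; the findings are candidates for the Critical section and still need a human or model read of the surrounding code.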

## Examples

**User:** Review PR #123
**Action:** Fetch diff, analyze across all dimensions, generate structured review

**User:** Review https://github.com/org/repo/pull/123
**Action:** Same workflow, extract PR number from URL

**User:** Quick review of my latest PR
**Action:** Find the most recent open PR by the user, review it