/agentic/code/frameworks/sdlc-complete/extensions/github/skills/pr-reviewer
This skill analyzes pull requests for quality, security, and standards, providing actionable feedback and streamlined approval guidance.
Install with:
```bash
npx playbooks add skill jmagly/aiwg --skill pr-reviewer
```
---
name: pr-reviewer
description: Review GitHub pull requests for code quality, security, and best practices. Use for automated PR feedback and approval workflows.
tools: Read, Write, Bash, Glob, Grep
---
# PR Reviewer Skill
## Purpose
Single responsibility: Review GitHub pull requests for quality, security, and adherence to project standards. (BP-4)
## Grounding Checkpoint (Archetype 1 Mitigation)
Before executing, VERIFY:
- [ ] gh CLI is installed and authenticated
- [ ] PR number or URL is valid
- [ ] Repository has review permissions
- [ ] Review criteria are defined
**DO NOT submit reviews without understanding the full diff.**
## Uncertainty Escalation (Archetype 2 Mitigation)
ASK USER instead of guessing when:
- Review scope unclear (security only vs full review)
- Approval authority undefined
- Conflicting with existing reviews
- Breaking changes detected
**NEVER approve PRs automatically without user confirmation.**
## Context Scope (Archetype 3 Mitigation)
| Context Type | Included | Excluded |
|--------------|----------|----------|
| RELEVANT | PR diff, commit messages, linked issues | Unrelated files |
| PERIPHERAL | Project standards, CI status | Other PRs |
| DISTRACTOR | Historical PRs | Fork activity |
## Workflow Steps
### Step 1: Fetch PR Details (Grounding)
```bash
# Get PR information
gh pr view <number> --json title,body,author,files,additions,deletions,commits,reviews
# Get diff
gh pr diff <number>
# Check CI status
gh pr checks <number>
```
### Step 2: Analyze Changes
```bash
# List changed files
gh pr view <number> --json files --jq '.files[].path'
# Get diff stats
gh pr view <number> --json additions,deletions --jq '"\(.additions) additions, \(.deletions) deletions"'
# Flag sensitive patterns on ADDED lines only (a removed line is not new exposure).
# Bare words like "key" match far more than credentials, so a hit is a prompt to read the context, not a finding.
gh pr diff <number> | grep -E '^\+' | grep -vE '^\+\+\+' | grep -iE '(\.env|password|secret|api[_-]?key|token)' && echo "⚠️ Sensitive patterns detected"
```
### Step 3: Review Categories
**Code Quality:**
```bash
# Check for common issues on added lines only (the raw diff also contains the lines being removed)
gh pr diff <number> | grep -E '^\+' | grep -vE '^\+\+\+' | grep -E "(console\.log|debugger|TODO|FIXME)" | head -20
```
**Security:**
```bash
# Security patterns on added lines only; each hit needs a read of the surrounding code before it goes in the review
gh pr diff <number> | grep -E '^\+' | grep -vE '^\+\+\+' | grep -E "(eval\(|innerHTML|dangerouslySetInnerHTML|exec\()" | head -10
```
**Tests:**
```bash
# List changed test files (matches test/tests/__tests__/spec directories and *.test.* / *.spec.* names,
# not every path containing the substring "test"); a change with none listed is a question for the author, not a failure
gh pr view <number> --json files --jq '.files[] | select(.path | test("(^|/)(tests?|__tests__|spec)/|\\.(test|spec)\\.")) | .path'
```
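The grep one-liners in Steps 2 and 3 search the whole diff, so they also flag lines the PR removes and give no file or line number to cite. The script below is an added example, not part of the jmagly/aiwg skill or of the gh CLI: it parses the unified diff that `gh pr diff <number>` prints, tracks the new-file line number from each `@@` hunk header, and reports only added lines that match the Step 3 categories as `file:line:category:text`, ready for the Line Comments table of the review template. The pattern groups, the `scan_diff` and `demo` names, and the sample diff are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not code from the jmagly/aiwg skill or the gh CLI.
# Scans only the ADDED lines of a unified diff (the output of `gh pr diff <number>`)
# for the Step 3 review categories and prints file:line:category:text, so each hit
# can go straight into the review's "Line Comments" table.
# Hits are heuristics: every one needs a human read before it goes in a review.
set -u

scan_diff() {
  awk '
    BEGIN {
      # Patterns are matched against the lowercased line; the group name says WHY a line was flagged.
      pat["dynamic-code"]   = "eval\\(|new function\\(|exec\\(|child_process"
      pat["html-injection"] = "innerhtml|dangerouslysetinnerhtml|document\\.write\\("
      # A quoted literal assigned to a secret-looking name; env lookups are not quoted, so they do not match.
      pat["secret"]         = "(api[_-]?key|secret|password|token)[[:space:]]*[=:][[:space:]]*[\"\047]"
      pat["debug"]          = "console\\.log\\(|debugger|todo|fixme"
    }
    /^diff --git /  { file = ""; next }                           # start of a new file section
    /^\+\+\+ /      { file = $2; sub(/^b\//, "", file); next }   # new-side filename
    /^@@ /          { split($3, r, /[,+]/); line = r[2]; next }  # $3 is "+start,count": reset counter
    /^\\ /          { next }                                      # "\ No newline at end of file"
    /^\+/ {                                                       # added line: the only kind worth flagging
      text = substr($0, 2); low = tolower(text)
      for (k in pat) if (low ~ pat[k]) printf "%s:%d:%s:%s\n", file, line, k, text
      line++; next
    }
    /^-/            { next }                                      # removed line: not in the new file
                    { line++ }                                    # context line
  ' | LC_ALL=C sort
}

# Constructed sample diff (not taken from any real PR) so the script runs offline.
SAMPLE_DIFF=$(cat <<'EOF'
diff --git a/src/auth.ts b/src/auth.ts
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -10,4 +10,6 @@ export function login(user: string) {
   const cfg = loadConfig();
-  const token = process.env.API_TOKEN;
+  const token = "sk-live-0123456789abcdef";
+  console.log("token", token);
   return request(cfg, token);
+  // TODO: remove before merge
 }
diff --git a/web/render.js b/web/render.js
--- a/web/render.js
+++ b/web/render.js
@@ -3,3 +3,4 @@
 function show(el, msg) {
-  el.textContent = msg;
+  el.innerHTML = msg;
+  eval(msg);
 }
EOF
)

demo() { printf '%s\n' "$SAMPLE_DIFF" | scan_diff; }

# Usage:  bash scan_diff.sh demo                 -> run on the constructed sample
#         bash scan_diff.sh <(gh pr diff <n>)    -> scan a real PR (bash process substitution)
case "${1:-}" in
  demo) demo ;;
  "")   ;;                       # no argument: only define the functions
  *)    scan_diff < "$1" ;;
esac
```

On the sample, `demo` reports the hard-coded token at `src/auth.ts:11`, the `console.log` and `TODO` at lines 12 and 14, and the `innerHTML` assignment and `eval` at `web/render.js:4` and `5`; the removed `process.env` line is not reported. Matching is lowercase and deliberately broad, so a hit is a line to read, not a finding to paste into a review unreviewed.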
### Step 4: Submit Review
**Comment only:**
```bash
gh pr review <number> --comment --body "$(cat <<'EOF'
## Code Review
### Summary
[Overview of changes]
### Observations
- Point 1
- Point 2
### Questions
- Question 1?
EOF
)"
```
**Request changes:**
```bash
gh pr review <number> --request-changes --body "Changes needed: [reason]"
```
**Approve (only after the user has explicitly confirmed, per the escalation rule above):**
```bash
gh pr review <number> --approve --body "LGTM! ✅"
```
## Recovery Protocol (Archetype 4 Mitigation)
On error:
1. **PAUSE** - Don't submit partial reviews
2. **DIAGNOSE** - Check error type:
- `Not found` → Verify PR number
- `Permission denied` → Check repo access
- `Review already exists` → Update existing
- `CI pending` → Wait or note in review
3. **ADAPT** - Adjust review scope
4. **RETRY** - With corrected parameters (max 3 attempts)
5. **ESCALATE** - Report issues to user
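One way to put the five steps above into a reusable wrapper, as an added example that is not code from the jmagly/aiwg skill: `run_gh` runs a gh command, classifies the stderr text into the diagnoses listed in step 2, retries only errors that can clear on an unchanged retry (rate limits, timeouts) up to `MAX_ATTEMPTS`, and otherwise pauses with the diagnosis so the caller can correct parameters or escalate. The message substrings in `classify_error`, the `GH` override variable and the function names are assumptions made for the example; match them against the gh error text you actually observe.

```shell
#!/usr/bin/env bash
# Added example, not code from the jmagly/aiwg skill. Applies the Recovery Protocol
# to one gh invocation: run, diagnose from stderr, retry only transient failures
# (at most MAX_ATTEMPTS), escalate everything else. The substrings matched below
# are assumptions for the example, not a catalogue of real gh error messages.
set -u
GH=${GH:-gh}                      # command to run; point at a stub to test offline
MAX_ATTEMPTS=${MAX_ATTEMPTS:-3}   # the protocol's cap on retries

# classify_error <message>: map an error message to one of the protocol's diagnoses.
classify_error() {
  msg=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$msg" in
    *"not found"*|*"could not resolve"*)       echo "not-found" ;;      # verify PR number
    *"permission denied"*|*"not accessible"*)  echo "permission" ;;     # check repo access
    *"review already exists"*)                 echo "review-exists" ;;  # update the existing review
    *"ci pending"*|*"checks pending"*)         echo "ci-pending" ;;     # wait or note in review
    *"rate limit"*|*"timed out"*|*"timeout"*)  echo "transient" ;;      # safe to retry unchanged
    *)                                         echo "unknown" ;;
  esac
}

# run_gh <gh args...>: stdout passes through; returns 0 on success. On failure it
# prints "PAUSE (<diagnosis>)" or "ESCALATE" to stderr and returns 1, so the caller
# stops rather than submitting a partial review.
run_gh() {
  attempt=1
  while :; do
    errfile=$(mktemp)
    if "$GH" "$@" 2>"$errfile"; then
      rm -f "$errfile"; return 0
    fi
    kind=$(classify_error "$(cat "$errfile")")
    rm -f "$errfile"
    if [ "$kind" = "transient" ] && [ "$attempt" -lt "$MAX_ATTEMPTS" ]; then
      attempt=$((attempt + 1))
      continue                                  # RETRY with the same parameters
    fi
    if [ "$kind" = "transient" ]; then
      echo "ESCALATE: still failing after $MAX_ATTEMPTS attempts: gh $*" >&2
    else
      echo "PAUSE ($kind): gh $* needs corrected parameters before any retry" >&2
    fi
    return 1
  done
}

# Example call (hypothetical PR number): run_gh pr view 123 --json title
```

Only `transient` is retried automatically; `not-found`, `permission`, `review-exists` and `ci-pending` all return immediately, because retrying those with the same parameters cannot succeed and the protocol's ADAPT step needs a human or the calling agent to change something first.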
## Checkpoint Support
State saved to: `.aiwg/working/checkpoints/pr-reviewer/`
```
checkpoints/pr-reviewer/
├── pr_details.json # PR metadata
├── diff_analysis.json # Change analysis
├── security_scan.json # Security findings
└── review_draft.md # Draft review
```
## Review Template
```markdown
## Code Review: PR #<number>
### Summary
<Brief overview of the PR purpose and changes>
### Review Checklist
- [ ] Code follows project style guide
- [ ] Tests added/updated for changes
- [ ] Documentation updated if needed
- [ ] No security vulnerabilities introduced
- [ ] CI checks passing
### Observations
#### ✅ Strengths
- Point 1
- Point 2
#### ⚠️ Concerns
- Concern 1 (file:line)
- Concern 2 (file:line)
#### ❓ Questions
- Question about design choice?
### Recommendation
- [ ] Approve
- [ ] Request changes
- [ ] Comment only
### Line Comments
| File | Line | Comment |
|------|------|---------|
| src/foo.ts | 42 | Consider using const |
```
## Common Commands
| Command | Purpose |
|---------|---------|
| `gh pr view <n>` | View PR details |
| `gh pr diff <n>` | View diff |
| `gh pr checks <n>` | CI status |
| `gh pr review <n>` | Submit review |
| `gh pr comment <n>` | Add comment |
| `gh pr merge <n>` | Merge PR (outside this skill's single review responsibility; run only on explicit user instruction, never as a follow-on to an approval) |
## References
- GitHub CLI PR commands: https://cli.github.com/manual/gh_pr
- REF-001: Production-Grade Agentic Workflows (BP-4)
- REF-002: LLM Failure Modes (Archetype 2 over-helpfulness)
This skill reviews GitHub pull requests for code quality, security, and project best practices. It automates fetching PR data, scanning diffs for issues, and drafting actionable review feedback while enforcing safety checkpoints and escalation rules. Designed for integration into automated PR feedback and approval workflows.
The skill uses the GitHub CLI to fetch PR metadata, diffs, commit messages, and CI status. It analyzes changed files for code-quality patterns, security risks, and missing tests, produces a structured draft review, and can submit comment, request-changes, or approve actions after user confirmation. Checkpoints and recovery steps prevent accidental approvals and preserve state to .aiwg/working/checkpoints/pr-reviewer/.
**Will the skill submit approvals automatically?**
No. The skill never approves a PR automatically; it requires explicit user confirmation before submitting an approve action.
**What happens if the gh CLI fails or permissions are missing?**
The recovery protocol pauses the run, diagnoses common errors (not found, permission denied, CI pending), retries up to three times when appropriate, and escalates to the user if unresolved.