{"id":"2efa173b-7cdd-4113-9c3b-e1e94cc6891d","shortId":"zzDXAC","kind":"skill","title":"read-only-gh-pr-review","tagline":"Review backend pull requests for correctness, security, performance, maintainability, and test coverage using GitHub CLI plus local repository inspection. Use when asked to review service-layer/API/database changes, audit backend branch diffs, summarize backend risk, or produce a","description":"# PR Review (Backend, GitHub CLI)\n\n## Overview\n\nReview backend pull requests end-to-end using local code analysis and GitHub CLI API calls. Report only actionable, high-signal findings.\n\n## Tool Constraints\n\n- Use only: `SemanticSearch`, `WebSearch`, `Grep`, `LS`, `Glob`, `Read`, `Shell`, `GitHub CLI`.\n- **Before any `gh` command**, source the read-only environment script to enable security enforcement:\n  ```bash\n  source \"<SKILL_DIR>/scripts/activate-gh-readonly.sh\"\n  ```\n  Replace `<SKILL_DIR>` with the absolute path to this skill directory.\n- After sourcing, use `gh` commands directly—they are intercepted by the read-only wrapper.\n- Verify CLI auth first with `gh auth status`. If not authenticated, ask the user to run `gh auth login`.\n- Enforce strict read-only mode at all times.\n- Never attempt any write operation, including comments, reviews, edits, assignments, merges, closes, reopens, or API mutations.\n- If a requested command is blocked by the wrapper, do not try alternatives that can mutate state.\n- The read-only wrapper blocks `command gh` and other bypass attempts.\n\n## Workflow\n\n1. Enable read-only environment.\n   - Source the environment script: `source \"<SKILL_DIR>/scripts/activate-gh-readonly.sh\"`\n   - All subsequent `gh` commands in this shell session are now protected.\n2. Prepare review context.\n   - Confirm identity and auth: `gh auth status`, `gh api user`.\n   - Resolve repository owner/name from the current repo or pass `-R <OWNER>/<REPO>`.\n3. 
Resolve the target PR.\n   - Use `gh pr view <PR_NUMBER> [--json <fields>]` when PR number is known.\n   - Otherwise shortlist with `gh pr list [flags]` and pick the target PR.\n4. Sync local repository to the latest PR branch code.\n   - Fetch the latest remote state for the PR head branch before reviewing code.\n   - Example flow:\n     - Get head branch name from PR metadata (`headRefName`).\n     - Run `git fetch --prune origin <HEAD_BRANCH>`.\n     - Review files from `FETCH_HEAD` or check out a local review branch from it.\n5. Gather full PR evidence before judging.\n   - Metadata: `gh pr view <PR_NUMBER> [--json <fields>]`\n   - Diff: `gh pr diff <PR_NUMBER> [--patch|--name-only]`\n   - Changed files: `gh api repos/<OWNER>/<REPO>/pulls/<PR_NUMBER>/files --paginate`\n   - Reviews: `gh api repos/<OWNER>/<REPO>/pulls/<PR_NUMBER>/reviews --paginate`\n   - Checks: `gh pr checks <PR_NUMBER> [--json <fields>]`\n   - Comments:\n     - `gh pr view <PR_NUMBER> --comments`\n     - `gh api repos/<OWNER>/<REPO>/issues/<PR_NUMBER>/comments --paginate`\n     - `gh api repos/<OWNER>/<REPO>/pulls/<PR_NUMBER>/comments --paginate`\n6. Inspect changed backend code deeply.\n   - Read all high-risk touched files locally (`Read`, `Grep`) and correlate with diff hunks.\n   - Prioritize request handlers/controllers, business services, authorization logic, database queries, migrations, background jobs, and queue/event handlers.\n   - Verify idempotency, transaction safety, concurrency behavior, retry behavior, and backward compatibility for public API contracts.\n   - Use `gh api repos/<OWNER>/<REPO>/contents/<PATH>?ref=<REF>` when exact remote content is needed (content is usually base64 in `.content`).\n7. Apply review checklist with risk-first ordering.\n   - Use `references/review-checklist.md`.\n   - Cover security, correctness, data integrity, API compatibility, performance, and test sufficiency before style concerns.\n8. 
Produce actionable review output.\n   - Report only issues that are likely defects, regressions, or maintainability risks.\n   - Include exact `file:line`, impact, and concrete fix guidance.\n   - End with residual risk and missing validation/testing assumptions.\n   - Return findings in chat only; do not write any comment or review back to GitHub.\n\n## Response Format\n\nUse this section order:\n\n1. `Critical Issues (Must Fix)`\n2. `Important Issues (Should Fix)`\n3. `Suggestions (Consider)`\n4. `Good Practices Noted`\n\nFor each issue, use:\n\n```text\nIssue: <brief description>\nLocation: <file:line>\nSeverity: <Critical|High|Medium|Low>\nProblematic Code: <snippet or precise behavior>\nSuggestion: <specific fix>\nExample: <optional patch-style snippet>\n```\n\n## GitHub CLI API Equivalents\n\nUse command mappings in `references/github-cli-map.md`.\n\n## Review Tone\n\n- Be constructive and specific.\n- Explain impact and rationale.\n- Assume positive intent.\n- Prefer concise, high-confidence feedback.","tags":["read","only","review","agent","skills","jawwadfirdousi","agent-skills","ai-agents","ai-tools","automation","developer-tools","prompt-engineering"],"capabilities":["skill","source-jawwadfirdousi","skill-read-only-gh-pr-review","topic-agent","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-automation","topic-developer-tools","topic-prompt-engineering","topic-prompt-template","topic-skills","topic-workflow-automation"],"categories":["agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/jawwadfirdousi/agent-skills/read-only-gh-pr-review","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add jawwadfirdousi/agent-skills","source_repo":"https://github.com/jawwadfirdousi/agent-skills","install_from":"skills.sh"}},"qualityScore":"0.455","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 10 github stars · SKILL.md body 
(4,391 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:08:12.715Z","embedding":null,"createdAt":"2026-05-18T13:13:40.585Z","updatedAt":"2026-05-18T19:08:12.715Z","lastSeenAt":"2026-05-18T19:08:12.715Z","prices":[{"id":"7d7936e7-e6f0-407a-8b9d-7e9b4dbd5a2c","listingId":"2efa173b-7cdd-4113-9c3b-e1e94cc6891d","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"jawwadfirdousi","category":"agent-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:13:40.585Z"}],"sources":[{"listingId":"2efa173b-7cdd-4113-9c3b-e1e94cc6891d","source":"github","sourceId":"jawwadfirdousi/agent-skills/read-only-gh-pr-review","sourceUrl":"https://github.com/jawwadfirdousi/agent-skills/tree/main/skills/read-only-gh-pr-review","isPrimary":false,"firstSeenAt":"2026-05-18T13:13:40.585Z","lastSeenAt":"2026-05-18T19:08:12.715Z"}],"details":{"listingId":"2efa173b-7cdd-4113-9c3b-e1e94cc6891d","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"jawwadfirdousi","slug":"read-only-gh-pr-review","github":{"repo":"jawwadfirdousi/agent-skills","stars":1
0,"topics":["agent","agent-skills","ai-agents","ai-tools","automation","developer-tools","prompt-engineering","prompt-template","skills","workflow-automation"],"license":null,"html_url":"https://github.com/jawwadfirdousi/agent-skills","pushed_at":"2026-05-05T20:09:54Z","description":"Reusable AI agent skill definitions","skill_md_sha":"ed6a9380a6cb6b7a7d1c57b4ed5a1a61127bd249","skill_md_path":"skills/read-only-gh-pr-review/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/jawwadfirdousi/agent-skills/tree/main/skills/read-only-gh-pr-review"},"layout":"multi","source":"github","category":"agent-skills","frontmatter":{"name":"read-only-gh-pr-review","description":"Review backend pull requests for correctness, security, performance, maintainability, and test coverage using GitHub CLI plus local repository inspection. Use when asked to review service-layer/API/database changes, audit backend branch diffs, summarize backend risk, or produce actionable must-fix/should-fix feedback.","compatibility":"Requires GitHub CLI (gh), an authenticated GitHub account, and network access."},"skills_sh_url":"https://skills.sh/jawwadfirdousi/agent-skills/read-only-gh-pr-review"},"updatedAt":"2026-05-18T19:08:12.715Z"}}