read-only-gh-pr-review

Review backend pull requests with security enforcement and GitHub CLI integration in a strict read-only environment.

Introduction

The read-only-gh-pr-review skill provides a specialized, security-hardened environment for conducting technical code reviews on backend pull requests. Designed for software engineers, security auditors, and technical leads, this agent skill leverages the GitHub CLI to fetch and analyze PR metadata, diffs, and check statuses without the risk of accidental mutations. By sourcing a protected environment script, all GitHub CLI operations are intercepted to ensure no write commands—such as commenting, merging, or editing—can be executed, maintaining strict compliance with organizational security policies.

  • Performs end-to-end backend code inspection using local repository state, including Grep, LS, Glob, and Read utilities for deep analysis.

  • Executes GitHub CLI queries to fetch PR files, review comments, status checks, and metadata for comprehensive context gathering.

  • Applies a risk-first review checklist focusing on critical backend concerns: service-layer architecture, API contract stability, database schema integrity, concurrency safety, and transaction handling.

  • Delivers structured, actionable feedback categorized into critical fixes, important improvements, suggestions, and recognized good practices.

  • Operates in a sandboxed shell environment that blocks all GitHub API mutation endpoints (merging, closing, assigning, commenting) to guarantee read-only status.

  • Ideal for auditing sensitive backend repositories where review processes must remain decoupled from state-changing actions.

  • Requires local authentication via gh auth login; users must source the activation script before execution to enable the interception layer.

  • Recommended for reviewing complex service changes, database migrations, or high-risk business logic where security and performance are paramount.

  • Outputs must be delivered directly in the chat interface; users are instructed to manually apply approved changes or feedback to the source repository.

  • Provides high-signal, objective analysis based on the PR diff, commit history, and current local branch state to identify defects or potential regressions early in the development lifecycle.
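As an added illustration of the interception layer described above (an assumed implementation written for this page, not the skill's own activation script), the following POSIX shell file can be sourced so that a gh shell function shadows the real binary and refuses any subcommand or raw gh api call that could change repository state:

```sh
# Read-only guard for the GitHub CLI (hypothetical; not the skill's own script).
# Source it (". ./gh-readonly.sh") so the gh() function below shadows the real
# binary for the rest of the session.

# Exit 0 if this gh invocation is a read-only query, 1 if it could change state.
gh_is_read_only() {
    cmd="$1"; sub="$2"
    case "$cmd" in
        pr|issue|run|release)
            case "$sub" in
                view|diff|checks|list|status) return 0 ;;
                *) return 1 ;;   # merge, close, comment, edit, review, create ...
            esac ;;
        repo) case "$sub" in view|list) return 0 ;; *) return 1 ;; esac ;;
        auth) case "$sub" in status) return 0 ;; *) return 1 ;; esac ;;
        api)
            # Raw REST/GraphQL calls: permit only GET, and refuse request
            # fields or bodies, which make gh switch to POST on its own.
            shift
            while [ $# -gt 0 ]; do
                case "$1" in
                    -X|--method) [ "$2" = "GET" ] || return 1; shift ;;
                    -XGET|--method=GET) ;;
                    -X*|--method=*) return 1 ;;
                    -f|-F|--raw-field|--field|--input) return 1 ;;
                    -f*|-F*|--raw-field=*|--field=*|--input=*) return 1 ;;
                esac
                shift
            done
            return 0 ;;
        *) return 1 ;;   # default deny: anything not listed is treated as a write
    esac
}

# The shadowing wrapper: forward allowed queries to the real gh, block the rest.
gh() {
    if gh_is_read_only "$@"; then
        command gh "$@"
    else
        printf 'gh: blocked by read-only review policy: gh %s\n' "$*" >&2
        return 77
    fi
}
```

A shell function only covers commands typed or scripted in the shell where it was sourced; a process that invokes the gh binary by absolute path or talks to the REST API directly is outside its reach, which is why the real skill pairs the shim with a sandboxed environment.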

Repository Stats

Stars: 10
Forks: 1
Open Issues: 1
Language: Shell
Default Branch: main
Last Synced: May 3, 2026, 07:13 PM