onewave-ai

code-review-pro

# Install this skill:

```sh
npx skills add OneWave-AI/claude-skills --skill "code-review-pro"
```

Install specific skill from multi-skill repository

# Description

Comprehensive code review covering security vulnerabilities, performance bottlenecks, best practices, and refactoring opportunities. Use when user requests code review, security audit, or performance analysis.

# SKILL.md

---
name: code-review-pro
description: Comprehensive code review covering security vulnerabilities, performance bottlenecks, best practices, and refactoring opportunities. Use when user requests code review, security audit, or performance analysis.
---

# Code Review Pro

Deep code analysis covering security, performance, maintainability, and best practices.

## When to Use This Skill

Activate when the user:
- Asks for a code review
- Wants security vulnerability scanning
- Needs performance analysis
- Asks to "review this code" or "audit this code"
- Mentions finding bugs or improvements
- Wants refactoring suggestions
- Requests best practice validation

## Instructions

1. Security Analysis (Critical Priority)
   - SQL injection vulnerabilities
   - XSS (cross-site scripting) risks
   - Authentication/authorization issues
   - Secrets or credentials in code
   - Unsafe deserialization
   - Path traversal vulnerabilities
   - CSRF protection
   - Input validation gaps
   - Insecure cryptography
   - Dependency vulnerabilities

2. Performance Analysis
   - N+1 query problems
   - Inefficient algorithms (check Big O complexity)
   - Memory leaks
   - Unnecessary re-renders (React/Vue)
   - Missing indexes (database queries)
   - Blocking operations
   - Resource cleanup (file handles, connections)
   - Caching opportunities
   - Excessive network calls
   - Large bundle sizes

3. Code Quality & Maintainability
   - Code duplication (DRY violations)
   - Function/method length (should be <50 lines)
   - Cyclomatic complexity
   - Unclear naming
   - Missing error handling
   - Inconsistent style
   - Missing documentation
   - Hard-coded values that should be constants
   - God classes/functions
   - Tight coupling

4. Best Practices
   - Language-specific idioms
   - Framework conventions
   - SOLID principles
   - Design patterns usage
   - Testing approach
   - Logging and monitoring
   - Accessibility (for UI code)
   - Type safety
   - Null/undefined handling

5. Bugs and Edge Cases
   - Logic errors
   - Off-by-one errors
   - Race conditions
   - Null pointer exceptions
   - Unhandled edge cases
   - Timezone issues
   - Encoding problems
   - Floating point precision

6. Provide Actionable Fixes
   - Show specific code changes
   - Explain why change is needed
   - Include before/after examples
   - Prioritize by severity

## Output Format

# Code Review Report

## 🚨 Critical Issues (Fix Immediately)
### 1. SQL Injection Vulnerability (line X)
**Severity**: Critical
**Issue**: User input directly concatenated into SQL query
**Impact**: Database compromise, data theft

**Current Code:**
```javascript
const query = `SELECT * FROM users WHERE email = '${userEmail}'`;
```

**Fixed Code:**
```javascript
const query = 'SELECT * FROM users WHERE email = ?';
db.query(query, [userEmail]);
```

**Explanation**: Always use parameterized queries to prevent SQL injection.

## ⚠️ High Priority Issues

### 2. Performance: N+1 Query Problem (line Y)

[Details...]

## 💡 Medium Priority Issues

### 3. Code Quality: Function Too Long (line Z)

[Details...]

## ✅ Low Priority / Nice to Have

### 4. Consider Using Const Instead of Let

[Details...]

## 📊 Summary

- Total Issues: 12
- Critical: 2
- High: 4
- Medium: 4
- Low: 2

## 🎯 Quick Wins

Changes with high impact and low effort:
1. [Fix 1]
2. [Fix 2]

## 🏆 Strengths

- Good error handling in X
- Clear naming conventions
- Well-structured modules

## 🔄 Refactoring Opportunities

1. Extract Method: Lines X-Y could be extracted into calculateDiscount()
2. Remove Duplication: [specific code blocks]

## 📚 Resources
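As an added example (not code from the skill or from OneWave-AI), a small JavaScript check for the one concrete pattern the report template shows, a SQL string built by template-literal interpolation or string concatenation, which emits findings in the template's line-and-severity shape. The sample source lines, regexes and the `findSqlConcatenation`/`renderCritical` names are constructed for illustration.

```javascript
// Heuristic, line-based check for SQL text built by interpolation or
// concatenation (the "Current Code" pattern in the report template).
// It is a regex screen, not a parser: it flags candidates for a reviewer
// to confirm and misses queries assembled across several lines.

const SQL_VERB = /\b(SELECT|INSERT|UPDATE|DELETE)\b/i;
// Template-literal interpolation ${...} or concatenation with an identifier.
const DYNAMIC_PART = /\$\{[^}]*\}|\+\s*[A-Za-z_$][\w$]*/;

function findSqlConcatenation(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    if (SQL_VERB.test(text) && DYNAMIC_PART.test(text)) {
      findings.push({
        line: index + 1, // report template wants 1-based line numbers
        severity: 'Critical',
        issue: 'User input concatenated into SQL query',
        fix: "Use a parameterized query: db.query('... = ?', [value])",
        code: text.trim(),
      });
    }
  });
  return findings;
}

// Render findings as "Critical Issues" entries in the report template's shape.
function renderCritical(findings) {
  return findings
    .map((f, n) => [
      `### ${n + 1}. SQL Injection Vulnerability (line ${f.line})`,
      `**Severity**: ${f.severity}`,
      `**Issue**: ${f.issue}`,
      `**Current Code:** ${f.code}`,
      `**Fix**: ${f.fix}`,
    ].join('\n'))
    .join('\n\n');
}

// Constructed sample source: two dynamic queries and one parameterized one.
const SAMPLE_SOURCE = [
  "const byEmail = `SELECT * FROM users WHERE email = '${userEmail}'`;",
  "const byId = 'SELECT * FROM users WHERE id = ' + userId;",
  "const safe = 'SELECT * FROM users WHERE email = ?';",
  'db.query(safe, [userEmail]);',
].join('\n');

console.log(renderCritical(findSqlConcatenation(SAMPLE_SOURCE)));
```

Only the two dynamic queries (lines 1 and 2 of the sample) are reported; the parameterized query on line 3 passes.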

## Examples

User: "Review this authentication code"
Response: Analyze auth logic → Identify security issues (weak password hashing, no rate limiting) → Check token handling → Note missing CSRF protection → Provide specific fixes with code examples → Prioritize by severity

User: "Can you find performance issues in this React component?"
Response: Analyze component → Identify unnecessary re-renders → Find missing useMemo/useCallback → Note large state objects → Check for expensive operations in render → Provide optimized version with explanations

User: "Review this API endpoint"
Response: Check input validation → Analyze error handling → Test for SQL injection → Review authentication → Check rate limiting → Examine response structure → Suggest improvements with code samples

## Best Practices

- Always prioritize security issues first
- Provide specific line numbers for issues
- Include before/after code examples
- Explain why something is a problem
- Consider the language/framework context
- Don't just criticize; acknowledge good code too
- Suggest gradual improvements for large refactors
- Link to documentation for recommendations
- Consider project constraints (legacy code, deadlines)
- Balance perfectionism with pragmatism
- Focus on impactful changes
- Group similar issues together
- Make recommendations actionable

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents.
