Use when adding new error messages to React, or seeing "unknown error code" warnings.
improve-pr
85
13
# Install this skill:
npx skills add Smana/cloud-native-ref --skill "improve-pr"
Install specific skill from multi-skill repository
# Description
Comprehensive PR analysis with security review, code quality assessment, and automatic improvements. Use when reviewing PRs for security issues, performance optimizations, or best practices violations. Provides multi-dimensional analysis with safe auto-apply options.
# SKILL.md
name: improve-pr
description: Comprehensive PR analysis with security review, code quality assessment, and automatic improvements. Use when reviewing PRs for security issues, performance optimizations, or best practices violations. Provides multi-dimensional analysis with safe auto-apply options.
allowed-tools: Bash(gh:), Bash(git:), Edit, Write, Read
Improve PR Skill
Performs comprehensive PR analysis combining security review, best practices assessment, and actionable code improvements with auto-apply capability.
Usage
/improve-pr <pr-number>
Workflow
Step 1: Fetch PR and Checkout Branch
# Get PR details
PR_INFO=$(gh pr view $ARGUMENTS --json headRefName,baseRefName,files,title,additions,deletions)
HEAD_BRANCH=$(echo $PR_INFO | jq -r '.headRefName')
# Checkout the PR branch
git fetch origin
git checkout $HEAD_BRANCH
git pull origin $HEAD_BRANCH
# Get the diff
gh pr diff $ARGUMENTS
# Get PR checks status
gh pr checks $ARGUMENTS
Step 2: Comprehensive Analysis
Analyze the code across multiple dimensions:
π Security Analysis:
- SQL injection vulnerabilities
- XSS (Cross-Site Scripting) risks
- Authentication/authorization issues
- Secrets in code (API keys, passwords)
- Insecure dependencies
- CSRF protection
- Input validation
- Cryptography weaknesses
π¨ Code Quality:
- Extract duplicate code into functions
- Simplify complex conditionals
- Improve variable/function naming
- Add error handling
- Reduce nesting depth
- Apply SOLID principles
β‘ Performance:
- Optimize algorithms
- Reduce database queries (N+1 issues)
- Add caching where appropriate
- Lazy load resources
- Parallel processing opportunities
π Readability:
- Add clarifying comments
- Break down large functions
- Improve code organization
- Use descriptive names
β¨ Best Practices:
- Follow language idioms
- Use modern syntax
- Apply design patterns
- Follow project conventions
π§ͺ Testing Coverage:
- Missing unit tests
- Untested edge cases
- Error handling tests
Step 3: Generate Report
See references/report-template.md for full template.
Key sections:
- Overview (files, lines, quality rating)
- Security analysis (strengths, issues, warnings)
- Code quality improvements by category
- File-by-file improvements with before/after
- Implementation priority (Critical β Low)
- Testing coverage gaps
- Impact summary
Step 4: Auto-Apply Options
Present options to user:
- A) Apply critical fixes + high priority improvements
- B) Apply high priority only (safer)
- C) Apply specific improvements (user chooses)
- D) Show changes first (don't apply)
- E) Post as PR comment for team review
Step 5: Apply Changes (if selected)
# For each improvement:
# 1. Use Edit tool to apply the change
# 2. Verify syntax is correct
# 3. Track what was changed
# After all changes:
git add .
git commit -m "π improve: apply AI-suggested improvements
Security fixes:
- [list security fixes]
Code quality:
- [list improvements]
Applied [count] improvements across [count] files."
git push origin $HEAD_BRANCH
Step 6: Verification
# Run any available tests
if [ -f "package.json" ]; then npm test; fi
if [ -f "pytest.ini" ]; then pytest; fi
if [ -f "Makefile" ]; then make test; fi
# Verify no regressions
git diff --stat
Safety Rules
Before applying ANY improvement:
1. β
Verify syntax is valid
2. β
Ensure tests still pass (if available)
3. β
Preserve original functionality
4. β
Check no breaking changes introduced
5. β
Validate code compiles/runs
6. β
NEVER auto-apply critical security fixes - flag for manual review
Security Priority
CRITICAL: Security issues require special handling:
- SQL Injection β FLAG, don't auto-fix (needs validation)
- Hardcoded secrets β FLAG, don't auto-fix (needs secret rotation)
- XSS vulnerabilities β FLAG, don't auto-fix (needs testing)
- Auth issues β FLAG, don't auto-fix (needs security review)
For security fixes, provide the fix but require manual review and application.
Output Guidelines
Be Specific:
- Include exact line numbers
- Show before/after code
- Explain security impact
- Provide CVE references if applicable
Be Practical:
- Focus on high-impact changes
- Consider implementation effort
- Prioritize security over style
Be Safe:
- Don't break existing functionality
- Maintain backward compatibility
- Preserve test coverage
- Flag security issues for review
Priority Levels
| Priority | Icon | Description |
|---|---|---|
| Critical | π΄ | MUST fix before merge (security vulnerabilities) |
| High | π‘ | Should implement now (significant improvements) |
| Medium | π’ | Consider for this PR (good enhancements) |
| Low | βͺ | Future enhancement (nice-to-have) |
Remember: Security first, quality second, style third. Critical security issues must be flagged but not auto-applied without review.
# Related Skills
Use when feature flag tests fail, flags need updating, understanding @gate pragmas, debugging...
Use when you have lint errors, formatting issues, or before committing code to ensure it passes CI.
Use when you need to check feature flag states, compare channels, or debug why a feature behaves...
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.