name: code-review-gemini
description: Perform deep, thorough code review using Gemini AI. Use this Skill when user explicitly requests 'gemini review', 'thorough review', 'detailed review', or 'deep review'. For general 'review' requests, the code-reviewer meta-skill will route appropriately.

Code Review with Gemini

Purpose

This Skill performs a structured code review on staged changes by:
1. Collecting the git diff of staged changes (git diff --cached)
2. Running an external review script that invokes the Gemini CLI
3. Summarizing the findings in a clear, prioritized manner

The Skill is designed to be deterministic, auditable, and suitable for pre-commit workflows.

Instructions

When the user expresses intent to review staged changes (for example: reviewing staged files, checking code before commit, or analyzing changes about to be committed), follow the steps below strictly.
Please note that do not specify the gemini model in the instructions, as it will be handled in the script.

Execution steps

1. Run the script scripts/review_with_gemini.sh.

2. Observe the script output carefully.
   The script will first print a "Review Scope" section that includes:

3. Current branch name
4. Review target (Staged changes)

5. List of staged files

6. Before summarizing the review, pay close attention to the "Review Scope" section and ensure that all findings align strictly with the listed staged files.

7. If a finding does not clearly map to a file in the review scope, treat it as low confidence.

8. Do not introduce issues, suggestions, or risks that are unrelated to the displayed diff.

9. Avoid speculative or generalized advice that cannot be justified by the reviewed changes.

10. After verifying alignment with the review scope, summarize the Gemini review results for the user.

Output requirements

Your final response should be structured and concise, and must include:

• High priority issues
  Issues that may cause bugs, security risks, crashes, or data loss.

• Medium priority concerns
  Design issues, maintainability problems, or potential performance risks.

• Low priority or stylistic suggestions
  Readability, naming, formatting, or minor best-practice improvements.

• Actionable next steps
  Concrete recommendations that the developer can realistically act on.

Do not repeat the full raw Gemini output verbatim unless explicitly asked.
Your role is to act as a senior reviewer who filters, validates, and prioritizes the findings.

Constraints

• Only review code that appears in the provided diff.
• Do not assume project architecture or conventions beyond what is visible in the changes.
• Do not suggest large-scale refactors unless a clear, high-risk issue justifies it.
• Prefer correctness and clarity over exhaustive commentary.

Examples

User:

Review the staged files before I commit.

Expected behavior:
- Run review_with_gemini.sh
- Read the "Review Scope" section
- Validate that review findings match the staged files
- Respond with a prioritized, scoped code review summary

User:

Check the code quality of my staged changes.

Expected behavior:
- Same workflow as above
- Emphasize correctness and risk-related issues first

Workflow

Step 1: Collect Staged Changes

1. Run scripts/review_with_gemini.sh
2. Script executes git diff --cached to get staged changes
3. Script displays "Review Scope" with branch name and staged files

Step 2: Review Analysis

1. Script sends diff to Gemini CLI for analysis
2. Gemini reviews code for:
3. Security vulnerabilities (XSS, injection, auth issues)
4. Logic errors and potential bugs
5. Performance concerns
6. Code quality and maintainability
7. Best practice violations

Step 3: Validate Findings

1. Read the "Review Scope" section
2. Verify all findings map to staged files
3. Filter out speculative or unrelated suggestions
4. Treat unmapped findings as low confidence

Step 4: Prioritize and Summarize

1. Categorize by severity: High, Medium, Low
2. Focus on actionable items
3. Provide specific line numbers and file references
4. Suggest concrete fixes

Step 5: Present Results

1. High priority issues first (security, bugs, crashes)
2. Medium priority concerns (design, performance)
3. Low priority suggestions (style, naming)
4. Actionable next steps

Security Considerations

Input Handling

1. Git Diff Content
2. The diff is sourced from local git repository (trusted source)
3. No user input directly injected into commands

4. Diff size is limited by MAX_DIFF_LINES environment variable (default: 5000)

5. Script Execution Safety

6. review_with_gemini.sh validates environment before execution
7. Checks for required tools (git, Gemini CLI)
8. Uses set -euo pipefail for proper error handling

9. No arbitrary command execution from user input

10. Gemini API Security

11. Requires valid API key (GEMINI_API_KEY environment variable)
12. API calls are made over HTTPS
13. No sensitive code should be in diff (user responsibility)
14. Review results are saved locally only

Sensitive Information Handling

1. Code Content
2. Warn users not to commit secrets, API keys, passwords in code
3. Review process may expose sensitive logic to Gemini API
4. Users should be aware code is sent to external AI service

5. Consider using .gitignore for sensitive files

6. Review Results

7. Saved to local file: gemini_review_result.txt
8. Contains code snippets from diff
9. Should not be committed to git (add to .gitignore)
10. May contain security findings that should be handled carefully

External Dependencies

1. Gemini CLI
2. Official Google tool, regularly updated
3. Requires API key for authentication
4. Network connectivity required

5. API quota limits apply

6. Git

7. Standard version control tool
8. Trusted system dependency
9. No remote operations performed

Error Handling

Pre-execution Validation

1. Git Repository Check
2. Error if not in a git repository
3. Message: "Not a git repository. Please run from within a git project."

4. Action: Change directory to git project root

5. Staged Changes Check

6. Error if no staged changes found
7. Message: "No staged changes found. Use 'git add' to stage files first."

8. Action: User should stage files with git add

9. Gemini CLI Check

10. Error if Gemini CLI not installed
11. Message: "Gemini CLI not found. Install: npm install -g @google/gemini-cli"

12. Provide installation link: https://www.npmjs.com/package/@google/gemini-cli

13. API Key Check

14. Error if GEMINI_API_KEY not set
15. Message: "GEMINI_API_KEY environment variable not set. Please configure your API key."
16. Action: Guide user to set environment variable

Execution Errors

1. Diff Too Large
2. If diff exceeds MAX_DIFF_LINES (default: 5000)
3. Warning: "Diff is too large (X lines). Only first 5000 lines will be reviewed."
4. Action: Review proceeds with truncated diff

5. Recommendation: "Consider reviewing in smaller commits"

6. Gemini API Failures

7. Network timeout or API errors
8. Error: "Gemini API request failed: [error details]"
9. Action: Check network connection and API key

10. Fallback: Suggest manual review or retry

11. Script Execution Failures

12. If review_with_gemini.sh fails
13. Capture stderr output
14. Display error to user with context
15. Provide troubleshooting steps

Output Handling

1. Empty Review Results
2. If Gemini returns no findings
3. Message: "No issues found in the staged changes. Code looks good!"

4. Clarify: This doesn't guarantee bug-free code, just no obvious issues detected

5. Malformed Output

6. If review result file is corrupted or empty
7. Error: "Failed to parse review results. Please try again."

8. Action: Check gemini_review_result.txt for details

9. File Write Errors

10. If cannot write gemini_review_result.txt
11. Error: "Cannot write to output file. Check disk space and permissions."
12. Action: Verify write permissions in current directory

Graceful Degradation

When Gemini CLI is unavailable:
- Inform user that external AI review is not available
- Suggest alternatives: manual review, code-review-assistant (if exists)
- Do not fail the commit workflow (review is advisory, not blocking)

Additional Examples

Example 3: Security-focused review

User: "Review my authentication code for security issues"

Expected behavior:
- Run review_with_gemini.sh
- Focus on security aspects in the summary
- Highlight: SQL injection, XSS, auth bypass, token handling
- Provide security-specific recommendations

Example 4: Performance review

User: "Check if my changes have performance issues"

Expected behavior:
- Run review_with_gemini.sh
- Emphasize performance concerns in summary
- Identify: N+1 queries, memory leaks, inefficient algorithms
- Suggest optimizations with benchmarks

Example 5: Before major refactoring

User: "I'm about to refactor the database layer, review the changes"

Expected behavior:
- Run review_with_gemini.sh on staged refactoring
- Check for: breaking changes, data migration needs, backward compatibility
- Validate: test coverage, error handling, rollback strategy
- Confirm architectural alignment