adversarial-code-review_skill

This skill reviews code as adversary to uncover bugs, security gaps, and hidden risks before deployment.
  • Shell

3

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill third774/dotfiles --skill adversarial-code-review

  • SKILL.md11.4 KB

Overview

This skill runs adversarial code reviews: adopt hostile perspectives to find bugs, security issues, and unintended consequences the author missed. Use it to surface high-impact problems before merging PRs, auditing codebases, or deploying critical changes. It focuses on practical, actionable findings with location, impact, and severity.

How this skill works

Start in Diff-Focused mode by default (PRs and changed files); switch to Audit mode only when requested for broader, systematic coverage. Deliberately apply six separate lenses—Malicious User, Careless Colleague, Future Maintainer, Ops/On-Call, Data Integrity, and Interaction Effects—documenting findings per lens. Each finding must include a specific location, an impact assessment, and a severity tier (Must Fix / Should Fix / Consider).

When to use it

  • Reviewing pull requests or diffs before merge
  • Auditing a module or repository with explicit scope
  • Before critical deployments or releases
  • When assessing security-sensitive or stateful code
  • When you need focused, high-value review comments for complex changes

Best practices

  • Determine mode up front: diff-focused by default, audit only on explicit request
  • Apply lenses one at a time—don’t blend perspectives
  • Report only findings that pass the Impact Filter (probability, impact, non-obvious)
  • Include exact file/line locations and clear reasoning for every Must Fix
  • Limit "Consider" items to two per review and always note at least one positive
  • Prioritize lenses by code type (e.g., Data Integrity for DB ops, Ops for background jobs)

Example use cases

  • PR review for a new API endpoint to find injection, misuse, and interaction regressions
  • Pre-deploy audit of a migration or database-affecting change to detect race and partial-failure modes
  • Security-focused pass on authentication, payment, or crypto code using the Malicious User lens
  • Operational review of background jobs and retries using the Ops/On-Call lens
  • Maintenance audit to identify implicit assumptions and documentation gaps for long-lived services

FAQ

A Must Fix breaks correctness, security, or data integrity (e.g., auth bypass, SQL injection, race leading to data loss). Each Must Fix must show the specific location and clear reasoning or reproduction steps.

How do you avoid noise in reviews?

Only report items that score 2+ on the Impact Filter: likely to occur, impactful if it occurs, and non-obvious to the author. Limit low-value "Consider" items to two.

When should I escalate instead of continuing the review?

Escalate for security-critical areas (auth, payments, crypto), if you find 3+ Must Fixes, if you don’t understand the code, or if there are architectural concerns requiring design discussion.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational