Use when the user asks to review code, a plan, a PR, or a directory — auto-detects target, runs cross-model review (Claude + GPT + Gemini-3-pro). Reports bugs, security issues, false assumptions, and plan deviations only; refactor/perf/restructure are opt-in passes
72
—
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
x-review is a reviewer. It evaluates existing work and returns verdicts. It does not apply fixes.
x-review evaluates whether the target does what it claims to do, safely. Nothing more.
In scope (report these):
Out of scope (DO NOT report unless the user explicitly asks):
Severity rule: If a finding does not name a concrete bug, security flaw, or false assumption that affects correctness or safety, it is out of scope — drop it, do not downgrade it to LOW. Reviewers will surface noise; the synthesis step (step 3) is where it gets filtered.
The test: "If we shipped this as-is and a user hit it, would something break, leak, or behave wrong?" If no → out of scope.
This contract narrows what reviewers report. The user can request broader passes explicitly via the [P]/[C]/[D] menu in step 4 — those passes are opt-in scope-expanders, never default.
gitnexus-derived material (fence — applies to the optional blast-radius enrichment from steps/step-01-prepare.md):
The existing in-scope / out-of-scope lists above are UNCHANGED. This fence is an ADDITIONAL constraint on any finding that draws on gitnexus enrichment (depth-1 caller summaries, route_map/api_impact consumer lists):
route_map shows N external consumers. This is the in-scope false-assumption finding — and it comes from route_map consumers, NOT from impact depth-1 callers.x-review MUST NOT:
Edit or Write during the review phase (steps 1-3 up to verdict) — reviewers evaluate, they don't fixBash commands that mutate state (no git commit, no npm install, no gh pr merge) during the review phaseException — Fix Mode: When the user explicitly requests fixes (e.g., "fix all", "apply fixes") after a REQUEST_CHANGES verdict, x-review enters Fix Mode (step 3). In Fix Mode, Edit/Write/mutating Bash are permitted via the receiving-code-review workflow. The role boundary shifts from "report only" to "report then fix on request."
Allowed:
Read to inspect diff, source files, testsBash for read-only verification (running tests, reading git log, checking lint output)Agent tool to dispatch code-reviewer for cross-model passesSkill tool for dispatching additional review passesSelf-check before every tool call:
If you're about to call Edit/Write or a mutating Bash and you are NOT in Fix Mode, STOP.
Reviewers report; they don't fix — until the user says otherwise.
Return your findings and surface the menu — only enter Fix Mode after explicit user request.
Smart review that detects what to review and how deep to go.
MANDATORY first step — do this BEFORE anything else:
0. Pin capabilities for the session per ../x-shared/capability-loading.md. Filter routing tables against the pinned set; do NOT re-check per dispatch. If mcp.gitnexus is pinned, also consume the shared session-pinned indexed+fresh probe per ../x-shared/capability-loading.md § "Shared GitNexus Indexed+Fresh Probe" — do NOT run an independent gitnexus list; read the single pinned record. (F3)
config.json in this skill directory to get the omo_agent path (used at dispatch time).../x-omo/SKILL.md to load the OMO agent catalog, invocation commands, and model routing. This ensures you know how to invoke OMO agents (oracle, explore, librarian, multimodal-looker) via Bash — they are NOT OMC agents. For the unavailable-agent list and replacement model-routing (--model gpt, --model codex), see ../x-shared/omo-routing.md § Unavailable Agents.../x-gemini/SKILL.md if agy_cli capability is pinned. Gemini-3-pro is the third cross-model reviewer (alongside Claude code-reviewer + GPT oracle), strong on Google-Search-grounded fact checks, large diff handling (1M context), and visual/UI screenshot diffs.For how to invoke skills, OMO agents, and OMC agents, see ../x-shared/invocation-guide.md.
This skill uses sequential steps. Load ONE step at a time. Complete each before proceeding.
These exist because skipping them causes real failures (see gotchas.md for evidence):
steps/step-01-prepare.md — detect target, collect contentsteps/step-02-review.md — launch cross-model reviewerssteps/step-03-synthesize.md — verify, synthesize, present findingssteps/step-04-act.md — additional passes menu, verdict routing, checklistsStart with step 1 now.
All findings use consistent severity. See ../x-shared/severity-guide.md for the full scale and triage rules.
agy_cli capability not pinnedSee gotchas.md for known failure patterns — update it when you encounter new ones.
Task: {{ARGUMENTS}}
6381b15
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.