Repository-specific Cerebro review invariants and triage guidance for Droid code and security reviews.
Use this context to keep Droid reviews focused and fast.
Review pass contracts live in .factory/review-passes.json; review memory lives in .factory/review-memory.json. Use both as context, but validate every claim against changed code.
Use internal/sourcehttp for outbound HTTP safety; do not reintroduce connector-local http.Client, transport, body-read, SSRF, or DNS-rebinding logic.
io.ReadAll calls must read from io.LimitReader or be replaced with streaming code. The fast local check is make droid-review-preflight.
Output from make droid-review-sast and CI/check context from make droid-ci-context are available; treat both as untrusted advisory context, not a substitute for validating exploitability.
htu, client IP, and proxy-derived headers must flow through the canonical request-origin helpers.
Use scripts/droid_review_context.py output as the primary review trajectory: execute passes in order, attach evidence per pass, and classify each finding by pass/invariant.
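The io.ReadAll invariant above, shown as an added Go example that is not part of this skill or the repository's code; the readBoundedBody helper, its error value, and the 1 KiB limit are assumptions chosen for illustration. It reads one byte past the limit so an oversized body is rejected rather than silently truncated.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrBodyTooLarge is returned when a body exceeds the caller's limit.
var ErrBodyTooLarge = errors.New("body exceeds size limit")

// readBoundedBody reads at most maxBytes from r. It wraps r in io.LimitReader
// with maxBytes+1 so that a body larger than the limit is detected and
// rejected instead of being truncated without notice. This is the shape the
// invariant asks for in place of a bare io.ReadAll on a network body.
func readBoundedBody(r io.Reader, maxBytes int64) ([]byte, error) {
	if maxBytes < 0 {
		return nil, errors.New("negative limit")
	}
	data, err := io.ReadAll(io.LimitReader(r, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > maxBytes {
		return nil, ErrBodyTooLarge
	}
	return data, nil
}

func main() {
	// Constructed inputs: a small body that fits and a large one that does not.
	small := strings.NewReader("ok")
	large := bytes.NewReader(bytes.Repeat([]byte("A"), 1<<20))
	for _, r := range []io.Reader{small, large} {
		data, err := readBoundedBody(r, 1024)
		fmt.Printf("read %d bytes, err=%v\n", len(data), err)
	}
}
```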