From f0b87b77b4ad41eb75fd564d57a799c943ca349d Mon Sep 17 00:00:00 2001 From: openhands Date: Wed, 14 Jan 2026 00:49:20 +0000 Subject: [PATCH 1/2] chore(codereview): add external API + official-doc validation section Co-authored-by: openhands --- skills/codereview-roasted/SKILL.md | 8 ++++++++ skills/codereview/SKILL.md | 10 ++++++++++ 2 files changed, 18 insertions(+) diff --git a/skills/codereview-roasted/SKILL.md b/skills/codereview-roasted/SKILL.md index 1f30a0c..aa0d282 100644 --- a/skills/codereview-roasted/SKILL.md +++ b/skills/codereview-roasted/SKILL.md @@ -67,6 +67,14 @@ Focus on real security risks, not theoretical ones: - Memory safety issues in unsafe languages - Concurrency bugs that cause data corruption +6. **External APIs & Documentation Validation** +If the change touches external services (GitHub/GitLab/Bitbucket/Datadog/Slack/etc.), be paranoid and verify: +- auth method and required scopes/permissions +- endpoint/method/headers correctness +- pagination, rate limits, retries/timeouts, and error handling +- no secrets/PII are exposed (especially logs) +- required configuration is documented, and include official doc links + CRITICAL REVIEW OUTPUT FORMAT: Start with a **Taste Rating**: diff --git a/skills/codereview/SKILL.md b/skills/codereview/SKILL.md index bf817b6..333b255 100644 --- a/skills/codereview/SKILL.md +++ b/skills/codereview/SKILL.md 
@@ -40,9 +40,19 @@ Watch for: - Incorrect use of cryptographic libraries - Common pitfalls (null dereferencing, off-by-one errors, race conditions) +4. External APIs & Documentation Validation +Check for: +- Any new or changed access to external APIs (GitHub/GitLab/Bitbucket/Datadog/Slack/etc.) +- Correct API usage (auth method/scopes/permissions, endpoint+method, required headers, pagination/rate limits) +- Robustness (retries/timeouts, error handling) +- Security hygiene (no secrets/PII leaked to logs) +- Required configuration is properly documented (env vars, tokens, permissions) + INSTRUCTIONS FOR RESPONSE: Group the feedback by the scenarios above. +If applicable, include validated official documentation URL(s) that confirm referenced flags/config keys/endpoints/behavior. + Then, for each issue you find: - Provide a line number or line range - Briefly explain why it's an issue From ca190785af2f4622a5373724694c17ba53390e3f Mon Sep 17 00:00:00 2001 From: openhands Date: Wed, 14 Jan 2026 00:57:15 +0000 Subject: [PATCH 2/2] chore(codereview-roasted): ask reviewers to include official doc URLs Co-authored-by: openhands --- skills/codereview-roasted/SKILL.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/skills/codereview-roasted/SKILL.md b/skills/codereview-roasted/SKILL.md index aa0d282..8198118 100644 --- a/skills/codereview-roasted/SKILL.md +++ b/skills/codereview-roasted/SKILL.md @@ -73,7 +73,9 @@ If the change touches external services (GitHub/GitLab/Bitbucket/Datadog/Slack/e - endpoint/method/headers correctness - pagination, rate limits, retries/timeouts, and error handling - no secrets/PII are exposed (especially logs) -- required configuration is documented, and include official doc links +- required configuration is documented + +If applicable, include validated official documentation URL(s) that confirm referenced flags/config keys/endpoints/behavior. CRITICAL REVIEW OUTPUT FORMAT:
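
Review bot: In the skills/codereview-roasted/SKILL.md hunk of patch 1/2 (@@ -67,6 +67,14), the last added bullet, "required configuration is documented, and include official doc links", mixes a condition to verify in the change with an instruction about what the review itself should contain, so it is unclear whether the links are expected in the code under review or in the reviewer's output. Split it into a check and a separate output instruction. Also, "be paranoid and verify" directly follows the list introduced by "Focus on real security risks, not theoretical ones", and the two pull in opposite directions; wording such as "verify against the official documentation" would keep the item from inviting speculative findings.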
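
Review bot: In the skills/codereview/SKILL.md hunk (@@ -40,9 +40,19), the added sentence "If applicable, include validated official documentation URL(s) ..." is inserted between "Group the feedback by the scenarios above." and "Then, for each issue you find:", so "Then" now follows the URL instruction instead of the grouping step it continues. Move the sentence below the per-issue list or make it one of the per-issue bullets. The word "validated" is also undefined: state what counts, for example that the URL was actually opened during the review and shows the referenced flag, config key or endpoint, and that no URL is given otherwise. In the new item 4, "no secrets/PII leaked to logs" names only logs, while the roasted skill says "no secrets/PII are exposed (especially logs)"; align the wording so both files have the same scope.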
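
Review bot: In patch 2/2 (@@ -73,7 +73,9), the new paragraph "If applicable, include validated official documentation URL(s) ..." is an instruction about the review's output, but it lands above the "CRITICAL REVIEW OUTPUT FORMAT:" heading, at the end of the external-API checklist, where it reads as applying only to that item. If it is meant for the whole review, move it under the output-format heading; if it is meant only for external-API findings, say so in the sentence. "If applicable" and "validated" are both left open here as well; name the condition (a finding that cites a flag, config key, endpoint or behavior) and what validation requires.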