Secure PR Review & Workflow FAQs

Question 1

How does it identify project-specific coding standards?

Accepted Answer

The skill automatically discovers and reads configuration files like CLAUDE.md, .claude/rules/*.md, and CLAUDE.local.md to ensure all changes comply with your specific architecture and style guides.

Question 2

Does this require the GitHub CLI (gh)?

Accepted Answer

Yes, this skill relies on the GitHub CLI to interact with your repository, manage pull requests, and post comments to issues.

Question 3

Does this skill automatically merge code?

Accepted Answer

No, the skill is explicitly configured to never auto-approve or merge code. It is designed to act as an advanced auditor that prepares findings for a final human review.

Question 4

What kind of security analysis does it perform?

Accepted Answer

It conducts an aggressive review of new endpoints, input vectors, permission changes, and data flows, as well as scanning new dependencies for known vulnerabilities or supply chain risks.

Question 5

Can I choose which findings to fix before the PR is posted?

Accepted Answer

Yes, after the analysis phase, the skill presents findings categorized by severity. You can choose to automatically fix specific items, ignore them, or convert them into separate GitHub issues.

Secure PR Review & Workflow

주요 기능

사용 사례

Secure PR Review & Workflow

주요 기능

사용 사례