Git PR Auditor is a skill that performs multi-layered analysis of git diffs to catch security and quality problems before code is merged. It works against staged changes, specific branches, or active GitHub Pull Requests, categorizing issues into three severity levels: Critical for security findings, Warning for quality problems, and Info for best-practice observations.
On the security side, the skill detects hardcoded secrets, SQL injection patterns, command injection risks, and XSS patterns. For code quality, it flags code smells such as magic numbers, swallowed errors, and leaked debug log statements. Structural analysis covers overly complex functions and missing documentation. The audit logic is applied per file type, with specialized checklists for backend code, frontend code, configuration files, and SQL.
The skill produces a standardized, machine-readable report, making it suitable as a first-pass reviewer in automated pipelines before a human reviewer sees the diff. It integrates with standard Git workflows and the GitHub CLI.
This skill is not an MCP server and exposes no callable tools to an agent runtime — it is a structured execution skill. It does not replace deep human code review for complex architectural decisions, and it requires access to the relevant git diff or GitHub Pull Request context to operate.