gemini-review

by alinaqi

gemini-review is a Gemini-powered code review skill for large repositories and PRs. It uses Gemini 2.5 Pro and 1M-token context to review code with less chunking, better cross-file reasoning, and CI/CD-friendly feedback.

Stars607

Favorites0

Comments0

AddedMay 9, 2026

CategoryCode Review

Install Command

npx skills add alinaqi/claude-bootstrap --skill gemini-review

Curation Score

This skill scores 71/100, which means it is worth listing for users who want a Gemini-based code review workflow, but they should expect a somewhat limited install decision page. The repository gives enough evidence of a real, triggerable review skill with concrete workflow guidance, though it lacks companion files and a visible install command, so adoption still requires some interpretation.

71/100

Strengths

Explicit trigger and use case: frontmatter says 'when user requests Gemini-powered code review or needs large-context review' and marks the skill user-invocable.
Substantial workflow content: the SKILL.md body is large, uses headings, tables, and code fences, and includes installation/prerequisite guidance.
Good operational leverage: it points to Gemini CLI, code review extension, Gemini Code Assist, and a GitHub Action, giving agents multiple execution paths.

Cautions

No install command in SKILL.md, so users must infer setup rather than follow a direct install path.
No support files or references bundle, which reduces trust and makes the workflow feel more manual than packaged.

Gemini Github Actions Developer Audience Cli

Overview

Overview of gemini-review skill

What gemini-review does

gemini-review is a Gemini-powered code review skill for agents that need to inspect real codebases, not just summarize patches. It is best for reviewers who want the gemini-review skill to analyze a repository with Gemini 2.5 Pro, use its large context window, and produce structured review feedback with less manual chunking.

Best fit for this skill

Use gemini-review when you need gemini-review for Code Review on a sizable repo, a PR with broad file impact, or a change that is hard to judge from a small diff alone. It is especially useful when you care about consistency, repository-wide reasoning, and CI/CD-friendly review workflows.

What makes it different

The main selling points are explicit: Gemini 2.5 Pro, a 1M token context window, and a workflow that can fit more of the codebase into one pass. That makes gemini-review stronger than a generic prompt when the risk is missing cross-file interactions, hidden regressions, or project conventions spread across many files.

How to Use gemini-review skill

Install and verify the skill

Follow the gemini-review install path through the host environment, then confirm the skill folder is available at skills/gemini-review. The upstream SKILL.md shows the review-oriented workflow and prerequisites; for a first pass, start there before trying to adapt prompts or automation.

Give the skill the right review target

The best gemini-review usage starts with a clear target: a branch, PR, commit range, or a specific subsystem plus the review goal. Strong input looks like: “Review this PR for correctness, security, and missed test coverage; focus on auth, data migration, and API compatibility.” Weak input like “review my code” leaves the model guessing what tradeoffs matter.

Read the right files first

For a practical gemini-review guide, inspect SKILL.md first, then any linked repo docs that describe installation, prerequisites, and workflow constraints. In this repository, SKILL.md is the main source of truth; because there are no supporting rules/, resources/, or helper scripts, your implementation will depend mostly on how well you adapt that core guidance to your own repo and CI setup.

Use a review workflow, not a one-shot prompt

A good workflow is: identify scope, collect the most relevant files, state the review criteria, run Gemini, then re-run with follow-up questions on any uncertain findings. This skill works best when you ask for concrete output such as “top risks,” “likely breakages,” and “recommended fixes,” instead of asking for a vague opinion.

gemini-review skill FAQ

Is gemini-review only for large repos?

No. The large context window is the headline feature, but gemini-review is also useful on medium-sized changes when you want stable, structured review output. It becomes less valuable only when the change is tiny and a normal prompt would already be enough.

Do I need Gemini-specific tooling to use it well?

Yes, this skill is centered on Gemini CLI and related review workflows. If your environment cannot use Gemini CLI, the skill may not be a good fit even if the review logic itself looks useful.

How is this different from a generic code review prompt?

A generic prompt can review a diff, but gemini-review is built around repository-scale context and a repeatable review process. That matters when correctness depends on files outside the patch, shared conventions, or PRs that touch several layers of the stack.

Is gemini-review beginner-friendly?

Yes, if you can describe what changed and what you want checked. It is not beginner-proof, though: the quality of the result depends on giving a specific target, relevant files, and review criteria rather than hoping the model infers everything from the repo.

How to Improve gemini-review skill

Narrow the review criteria

The biggest quality gain comes from telling gemini-review what matters most: bugs, security, tests, API compatibility, performance, or release risk. If you do not specify priorities, the review may spread attention too thin across minor style issues.

Provide stronger input context

Include the diff, the surrounding files, and any known constraints such as supported runtime, deployment rules, or backward-compatibility requirements. For gemini-review for Code Review, context like “must preserve public API,” “runs in CI,” or “cannot add new dependencies” sharply improves the usefulness of the output.

Iterate on the first pass

Treat the first review as a triage pass. If the output is too broad, ask for a second pass focused on the highest-risk finding, request exact file-level evidence, or ask for a prioritized fix plan. That is usually more effective than rerunning the same prompt with only cosmetic changes.

Watch for common failure modes

The main risks are over-trusting a confident but shallow review, under-specifying scope, and expecting the skill to infer repository policy that is not stated anywhere. gemini-review works best when you verify the findings against the codebase and tighten the prompt whenever the review sounds generic rather than evidence-based.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

security-threat-model

by openai

Repository-grounded security-threat-model skill for AppSec threat modeling. It maps trust boundaries, assets, attacker goals, abuse paths, and mitigations into a concise Markdown threat model. Use it when you need security-threat-model for Threat Modeling on a specific repo or path, not a generic architecture review or code check.

Threat Modeling

Favorites 0GitHub 0

laravel-tdd

by affaan-m

laravel-tdd is a Laravel test-driven-development guide for PHPUnit and Pest. It helps with unit, feature, and integration test choices, database strategy, fakes, coverage targets, and a practical workflow for test automation.

Test Automation

Favorites 0GitHub 156.2k

codeql

by trailofbits

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use codeql usage more reliably across supported languages. Use it for repeatable codeql guide steps when analyzing real repositories.

Security Audit

Favorites 0GitHub 5k

semgrep-rule-creator

by trailofbits

semgrep-rule-creator creates production-quality Semgrep rules for security vulnerabilities, bug patterns, taint-flow detections, and coding standards. Use the semgrep-rule-creator skill for Security Audit work when you need precise rules, test cases, and validation instead of a generic draft.

Security Audit

Favorites 0GitHub 5k

insecure-defaults

by trailofbits

The insecure-defaults skill helps spot fail-open configuration patterns that let software run with unsafe settings instead of stopping. Use it for a Security Audit of production code, deployment configs, and secret-handling logic to catch weak auth, hardcoded secrets, and permissive defaults.

Security Audit

Favorites 0GitHub 5k

constant-time-analysis

by trailofbits

constant-time-analysis is a security-audit skill for finding timing side-channel risks in cryptographic code before they become exploitable bugs. Use it to review secret-dependent math, branches, comparisons, and compiled output when checking C, C++, Go, Rust, Swift, Java, Kotlin, PHP, JavaScript, TypeScript, Python, or Ruby.

Security Audit

Favorites 0GitHub 5k

react-native-best-practices

by callstackincubator

react-native-best-practices is a practical React Native performance optimization guide for slow startup, dropped frames, heavy renders, memory leaks, bundle bloat, and animation jank. Use it when you need evidence-backed fixes for Hermes, bridge overhead, FlashList, native modules, or profiling a release regression.

Performance Optimization

Favorites 0GitHub 1.3k

github-pr-review

by fvadicamo

github-pr-review is a GitHub PR review skill for collecting inline comments, PR-level review bodies, and replies, then organizing feedback by severity so you can fix blockers first. Use it to resolve PR comments, respond to reviewers, and update the branch with targeted commits and thread replies. It fits the github-pr-review guide for authenticated GitHub CLI workflows.

PR Review

Favorites 0GitHub 0

autofix

by coderabbitai

autofix helps safely turn CodeRabbit PR review-thread feedback into validated code changes on the current GitHub branch. Use this autofix skill when you need a branch-aware CodeRabbit for Code Review workflow with explicit approval, not a generic prompt-following fixer. It checks repo state, reads trusted instructions, and applies only verified fixes.

Code Review

Favorites 0GitHub 0

security-ownership-map

by openai

Use security-ownership-map to analyze git history for security ownership risk, bus factor, and sensitive-code ownership. It maps people to files, surfaces orphaned or under-owned areas, and exports CSV/JSON for graph analysis. Best for security audit questions, CODEOWNERS reality checks, and ownership clusters grounded in commit history.

Security Audit

Favorites 0GitHub 0

frontend-design-review

by microsoft

frontend-design-review is a GitHub skill for reviewing frontend UI work and creating distinctive, production-grade interfaces from scratch. It helps assess design system compliance, accessibility, visual quality, and whether a UI feels generic or intentionally designed. Use it for PR reviews, component reviews, and frontend-design-review for UI Design.

UI Design

Favorites 0GitHub 0

sarif-parsing

by trailofbits

sarif-parsing is a post-scan skill for reading, filtering, deduplicating, summarizing, and converting SARIF 2.1.0 results from tools like CodeQL and Semgrep. Use it when you already have scan output and need clear parsing, aggregation, or CI/CD-ready transformation. It is not for running scans.

Code Editing

Favorites 0GitHub 5k

property-based-testing

by trailofbits

property-based-testing skill guide for writing, reviewing, and improving PBT across languages and smart contracts. Use this property-based-testing guide to spot roundtrip, idempotence, invariant, parser, validator, and normalization cases, choose generators, and decide when property-based-testing is stronger than example-based tests.

Skill Testing

Favorites 0GitHub 5k

investigate

by garrytan

The investigate skill guides systematic debugging and root-cause analysis for broken, flaky, or unexpected behavior. Use it for code review, incident triage, bug fixes, and "it worked yesterday" cases when you need evidence before changing code. It follows a four-phase workflow: investigate, analyze, hypothesize, implement.

Code Review

Favorites 0GitHub 91.8k

ruzzy

by trailofbits

ruzzy is a coverage-guided Ruby fuzzing skill for testing pure Ruby code and Ruby C extensions. Use the ruzzy guide to set up a supported Linux environment, verify sanitizer wiring, and build practical fuzzing workflows for Security Audit work.

Security Audit

Favorites 0GitHub 5k

vue-best-practices

by vuejs-ai

vue-best-practices is a Vue 3 skill for code generation, review, and refactoring. It guides agents toward Composition API, <script setup lang="ts">, explicit data flow, SSR-aware choices, and core references for reactivity, SFCs, composables, Router, Pinia, and Vite-based apps.

Frontend Development

Favorites 0GitHub 2.1k