find-bugs
Comprehensive code review identifying bugs, security vulnerabilities, and quality issues in branch changes.
- Executes a structured five-phase review process: gathering the complete diff, mapping attack surfaces, running a detailed security checklist, verifying findings, and auditing coverage before conclusions
- Security checklist covers 11 critical areas including injection, XSS, authentication, authorization, CSRF, race conditions, session management, cryptography, information disclosure, DoS, and business logic
- Prioritizes findings by severity (critical/high/medium/low) and requires explicit verification that issues are real, not already handled, and not covered by existing tests
- Outputs only significant findings with file location, problem description, evidence, concrete fixes, and relevant standards references; skips stylistic issues
Find Bugs
Review changes on this branch for bugs, security vulnerabilities, and code quality issues.
Phase 1: Complete Input Gathering
- Get the FULL diff:
  git diff $(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name')...HEAD
- If output is truncated, read each changed file individually until you have seen every changed line
- List all files modified in this branch before proceeding
Phase 2: Attack Surface Mapping
For each changed file, identify and list:
- All user inputs (request params, headers, body, URL components)
- All database queries
- All authentication/authorization checks
- All session/state operations
- All external calls
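The two phases above as one worked example. This is an added illustration, not code from the find-bugs skill or the getsentry/skills repository: it parses the unified diff that `git diff <default-branch>...HEAD` prints (Phase 1), compares the files it saw against `git diff --name-only` output to detect a truncated diff, and then lists every added line that matches one of the five Phase 2 categories. The category regexes, the sample diff, and the file names in it are constructed assumptions for the demo, not patterns the skill prescribes; tune them to the codebase under review.

```python
"""Phase 1 + Phase 2 helper (added example, not part of the find-bugs skill)."""
import re
from collections import defaultdict

# Phase 2 categories -> heuristic regexes (assumed; adjust per codebase and framework).
SURFACE_PATTERNS = {
    "user_input": re.compile(r"request\.(args|form|json|data|headers|cookies|GET|POST)\b"
                             r"|req\.(query|body|params|headers)\b|params\[", re.I),
    "db_query": re.compile(r"\b(execute|executemany|raw|cursor|SELECT|INSERT|UPDATE|DELETE)\b"
                           r"|\.query\(", re.I),
    "auth_check": re.compile(r"\b(login_required|permission_required|is_authenticated"
                             r"|has_perm|authorize|current_user)\b", re.I),
    "session_state": re.compile(r"session\[|session\.|set_cookie|\bcache\.(get|set)\(", re.I),
    "external_call": re.compile(r"requests\.(get|post|put|patch|delete)\(|urlopen\(|httpx\."
                                r"|subprocess\.|os\.system\(|\bfetch\(", re.I),
}
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def _path(token, prefix):
    """'a/x.py' -> 'x.py'; '/dev/null' (file created or deleted) -> None."""
    if token == "/dev/null":
        return None
    return token[len(prefix):] if token.startswith(prefix) else token


def parse_added_lines(diff_text):
    """{path: [(new_line_number, text), ...]} for every '+' line of a unified diff.

    Every changed file gets a key (deleted files map to an empty list), which is what
    the Phase 1 truncation check relies on.
    """
    files, path, old_path, new_ln = {}, None, None, 0
    for line in diff_text.splitlines():
        hunk = HUNK_RE.match(line)
        if line.startswith("diff --git "):
            path = None                      # new file section: wait for its +++ header
        elif line.startswith("--- "):
            old_path = _path(line[4:].strip(), "a/")
        elif line.startswith("+++ "):
            path = _path(line[4:].strip(), "b/") or old_path
            files.setdefault(path, [])
        elif hunk:
            new_ln = int(hunk.group(1))      # first line number on the new side
        elif path is None or line.startswith(("-", "\\")):
            continue                         # removed line or "\ No newline at end of file"
        elif line.startswith("+"):
            files[path].append((new_ln, line[1:]))
            new_ln += 1
        else:
            new_ln += 1                      # unchanged context line


    return files


def missing_files(parsed, name_only_output):
    """Phase 1 check: files named by `git diff --name-only` that never appeared in the diff."""
    expected = {l.strip() for l in name_only_output.splitlines() if l.strip()}
    return sorted(expected - set(parsed))


def map_attack_surface(parsed):
    """Phase 2: {path: {category: [(line_number, text), ...]}} over the added lines."""
    report = {}
    for path, lines in parsed.items():
        hits = defaultdict(list)
        for ln, text in lines:
            for category, pattern in SURFACE_PATTERNS.items():
                if pattern.search(text):
                    hits[category].append((ln, text.strip()))
        report[path] = dict(hits)
    return report


# Constructed sample standing in for `git diff <default-branch>...HEAD` output.
SAMPLE_DIFF = """\
diff --git a/app/views.py b/app/views.py
index 1111111..2222222 100644
--- a/app/views.py
+++ b/app/views.py
@@ -10,4 +10,11 @@ def index():
     return render("index.html")
 
+@login_required
+def search():
+    term = request.args.get("q")
+    cursor.execute("SELECT * FROM items WHERE name = '%s'" % term)
+    session["last_search"] = term
+    return render("results.html")
+
 def health():
     return "ok"
diff --git a/app/client.py b/app/client.py
index 3333333..4444444 100644
--- a/app/client.py
+++ b/app/client.py
@@ -1,1 +1,3 @@
 import requests
+def get_upstream(url):
+    return requests.get(url, timeout=5)
"""
# Constructed stand-in for `git diff --name-only`; models.py is listed but absent from
# SAMPLE_DIFF, i.e. the diff output was truncated and that file must be read separately.
SAMPLE_NAME_ONLY = "app/views.py\napp/client.py\napp/models.py\n"

PARSED = parse_added_lines(SAMPLE_DIFF)
MISSING = missing_files(PARSED, SAMPLE_NAME_ONLY)
REPORT = map_attack_surface(PARSED)

if __name__ == "__main__":
    for path in MISSING:
        print(f"TRUNCATED: {path} not seen in diff; read the file individually")
    for path, hits in REPORT.items():
        for category, entries in hits.items():
            for ln, text in entries:
                print(f"[{category}] {path}:{ln}: {text}")
```

To use it on a real branch, replace `SAMPLE_DIFF` and `SAMPLE_NAME_ONLY` with the captured output of the two git commands (for example via `subprocess.run(..., capture_output=True, text=True).stdout`). The output is an inventory, not a verdict: each listed line is a place the reviewer still has to read, which is exactly the input the later phases (checklist, verification) consume.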