Conversation
Add code-review as a package-native built-in skill for correctness-focused bug review. Document it alongside security-review and update CLI init/help guidance so users can add both baseline reviews by name. Co-Authored-By: GPT-5 Codex <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit c887cae. Configure here.
| expect(ignored.ignores('src/builtin-skills/code-review/SKILL.md')).toBe(false); | ||
| expect(ignored.ignores('src/builtin-skills/code-review/SOURCES.md')).toBe(false); | ||
| expect(ignored.ignores('src/builtin-skills/code-review/references/javascript-typescript.md')).toBe(false); | ||
| expect(ignored.ignores('src/builtin-skills/code-review/references/python.md')).toBe(false); |
There was a problem hiding this comment.
Missing package test for github-workflows.md reference
Low Severity
The code-review skill's SKILL.md references three runtime files (references/javascript-typescript.md, references/python.md, and references/github-workflows.md), but the package test only asserts that two of them are not excluded by .npmignore. The references/github-workflows.md check is missing, even though the security-review skill's test correctly verifies its own github-workflows.md. A future .npmignore change could silently drop this file from the published package without the test catching it.
Reviewed by Cursor Bugbot for commit c887cae. Configure here.
| --- | ||
| const skills = [ | ||
| "security-review", | ||
| "code-review", |
There was a problem hiding this comment.
Skills array outgrows its paired layout array
Low Severity
The skills array now has 9 entries but desktopSkillLayout still has 8. The layout was crafted with specific side/inset pairs for each skill to produce a staggered visual pattern. Because the code indexes with index % desktopSkillLayout.length, the 9th skill ("error-handling") wraps to layout index 0, getting the same right, 0rem positioning as the 1st skill ("security-review"), which breaks the cascade. A 9th layout entry is needed.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit c887cae. Configure here.
1 participant
Add a package-native code-review built-in skill for correctness-focused bug finding. It follows the existing built-in skill packaging model, with references for JavaScript/TypeScript, Python, and GitHub Actions workflow correctness. This gives users a default non-security reviewer they can add by name alongside security-review, and updates docs, CLI help, init guidance, and package/loader tests to surface both baseline reviews.