Infrastructure Code Review

Infrastructure Code Review performs a comprehensive review of infrastructure as code, CI/CD pipelines, migrations, logging, and observability. It spawns a senior review specialist agent that applies six specialized checklists to identify security misconfigurations, operational risks, and production readiness issues. This skill is particularly useful when reviewing changes to infrastructure files like Terraform, Kubernetes manifests, CI/CD configs, and database migrations.

by Skills Guide Bot
DevOps, Intermediate
1506/2/2026
Claude Code
#infrastructure #code-review #iac #ci-cd #observability

Our review

Performs a comprehensive infrastructure review by applying six checklists (IaC, CI/CD, releases, migrations, logging, observability) via a specialist agent.

Strengths

  • Broad coverage of infrastructure aspects (security, deployment, observability)
  • Detection of misconfigurations and operational risks
  • Blast radius assessment for production incidents
  • Structured output with clear priority levels

Limitations

  • Requires the agent to have access to infrastructure files and git diff context
  • May produce a high volume of comments on large changes
  • Depends on the quality of the loaded checklists

When to use it

Use this skill when reviewing infrastructure code changes (Terraform, CI/CD, migrations, logging) before production deployment.

When not to use it

Do not use it for application-only code changes without infrastructure components, or when a general code review without infrastructure focus is needed.

Security analysis

Safe
Quality score: 85/100

The skill only describes a review process and spawns a specialist agent; it does not execute any commands or access any tools directly, and contains no destructive or exfiltrating instructions.

No concerns found

Examples

Review infrastructure pull request
Run an infrastructure-focused review on the current branch using all checklists.

Assess production readiness of infrastructure changes
Perform a review of the infrastructure code changes in this PR, applying the infra, CI, release, migration, logging, and observability checklists. Provide a production readiness assessment.

name: review:infra
description: Infrastructure-focused review covering IaC, CI/CD, releases, migrations, logging, and observability. Spawns the senior-review-specialist agent for infrastructure analysis.

Infrastructure Code Review

Run an infrastructure-focused review using 6 infrastructure checklists via the senior-review-specialist agent.

Instructions

Spawn the senior-review-specialist agent to perform this review.

Checklists to Apply

Load and apply these review checklists:

  • commands/review/infra.md - Deployment config, least privilege, operational clarity
  • commands/review/ci.md - Pipeline security, deployment safety
  • commands/review/release.md - Versioning, rollout, migration, rollback
  • commands/review/migrations.md - Database migration safety
  • commands/review/logging.md - Secrets exposure, PII leaks, wide-events
  • commands/review/observability.md - Logs, metrics, tracing, alertability

Agent Instructions

The agent should:

  1. Get working tree changes: Run git diff to see all changes
  2. Identify infrastructure files:
    • Terraform, CloudFormation, Kubernetes manifests
    • CI/CD pipelines (GitHub Actions, GitLab CI, etc.)
    • Migration files, deployment scripts
    • Logging and monitoring configuration
  3. For each changed file:
    • Read the full file content
    • Go through each diff hunk
    • Apply all 6 infrastructure checklists
    • Look for security misconfigurations and operational risks
  4. Cross-reference related files: Check environment configs, secrets handling
  5. Assess blast radius: What could go wrong in production?

Output Format

Generate an infrastructure review report with:

  • Critical Issues (BLOCKER): Security misconfigurations, deployment risks
  • High Priority Issues: Missing guardrails, cost explosions
  • Medium Priority Issues: Observability gaps, operational hazards
  • Infrastructure Map: Components, dependencies, deployment topology
  • Operational Readiness: Logging, alerting, rollback capabilities
  • File Summary: Infrastructure issues per file
  • Overall Assessment: Production readiness recommendation