Our review
This skill performs an infrastructure-focused code review using six specialized checklists to assess IaC, CI/CD pipelines, migrations, logging, and observability.
Strengths
- Comprehensive coverage across multiple domains (IaC, CI/CD, migrations, logging, observability)
- Structured checklists for systematic analysis
- Strong security and operational risk focus
- Production readiness assessment with clear recommendations
Limitations
- Requires the senior-review-specialist agent which may not be available in all environments
- Review quality depends on completeness of the checklists
- May miss framework-specific or tool-specific issues not covered by checklists
Use when reviewing infrastructure changes before production deployment to catch security misconfigurations and operational risks.
Avoid for simple configuration changes or application code reviews that do not impact infrastructure.
Security analysis
SafeThe skill only instructs spawning a review agent to run read-only operations (git diff, reading files) and apply checklists. There is no command execution, network access, or data exfiltration risk. It is a purely analytical template.
No concerns found
Examples
Run an infrastructure-focused review on the current branch. Apply all six checklists: infra, CI, release, migrations, logging, and observability. Generate a full report with blocker issues, high/medium priorities, infrastructure map, and operational readiness assessment.Perform a pre-deployment infrastructure review for the changes in this pull request. Focus on deployment safety, security misconfigurations, and rollback capabilities. Use the senior-review-specialist agent with the infrastructure checklists.name: review:infra description: Infrastructure-focused review covering IaC, CI/CD, releases, migrations, logging, and observability. Spawns the senior-review-specialist agent for infrastructure analysis.
Infrastructure Code Review
Run an infrastructure-focused review using 6 infrastructure checklists via the senior-review-specialist agent.
Instructions
Spawn the senior-review-specialist agent to perform this review.
Checklists to Apply
Load and apply these review checklists:
commands/review/infra.md- Deployment config, least privilege, operational claritycommands/review/ci.md- Pipeline security, deployment safetycommands/review/release.md- Versioning, rollout, migration, rollbackcommands/review/migrations.md- Database migration safetycommands/review/logging.md- Secrets exposure, PII leaks, wide-eventscommands/review/observability.md- Logs, metrics, tracing, alertability
Agent Instructions
The agent should:
- Get working tree changes: Run
git diffto see all changes - Identify infrastructure files:
- Terraform, CloudFormation, Kubernetes manifests
- CI/CD pipelines (GitHub Actions, GitLab CI, etc.)
- Migration files, deployment scripts
- Logging and monitoring configuration
- For each changed file:
- Read the full file content
- Go through each diff hunk
- Apply all 6 infrastructure checklists
- Look for security misconfigurations and operational risks
- Cross-reference related files: Check environment configs, secrets handling
- Assess blast radius: What could go wrong in production?
Output Format
Generate an infrastructure review report with:
- Critical Issues (BLOCKER): Security misconfigurations, deployment risks
- High Priority Issues: Missing guardrails, cost explosions
- Medium Priority Issues: Observability gaps, operational hazards
- Infrastructure Map: Components, dependencies, deployment topology
- Operational Readiness: Logging, alerting, rollback capabilities
- File Summary: Infrastructure issues per file
- Overall Assessment: Production readiness recommendation
Docker Compose Architect
DevOps
Designs optimized Docker Compose configurations.
Incident Postmortem Writer
DevOps
Writes structured and blameless incident postmortem reports.
Runbook Creator
DevOps
Creates clear operational runbooks for common DevOps procedures.