/cf-review-in

Manual only | Medium | ~1K–2.5K tokens injected into prompt

Collect external review results and apply fixes.

Context footprint: ⚡⚡ (medium)

The /cf-review-in skill reads review results written by an external AI agent (generated via /cf-review-out), presents the findings, and offers to fix any issues found.

Usage

/cf-review-in <label> [service]
  • With label only — reads all docs/reviews/<label>-result-*.md files (one per reviewer)
  • With label and service — reads only docs/reviews/<label>-result-<service>.md (filter to one reviewer)
  • No arguments — lists available results and asks which one to collect

Examples

# Collect results for a specific review (all reviewers)
/cf-review-in fix-auth-bypass

# Collect results from a specific reviewer only
/cf-review-in fix-auth-bypass gemini

# Browse available results
/cf-review-in

Workflow

  1. Find results — Glob for docs/reviews/<label>-result-*.md
  2. Parse findings — Extract Critical/Important/Suggestion issues from the result file
  3. Read original context — Load the prompt file to understand what was reviewed
  4. Critically verify findings — Do NOT blindly trust external findings. For every Critical and Important issue:
    • Read the actual source code at the referenced file and line
    • Verify the claim against reality (does it actually exist? did the reviewer miss context?)
    • Classify each finding as Confirmed, Questionable, Dismissed, or Stale
    • For Suggestions, do a lighter check — only flag obviously wrong ones
  5. Present verified report — Display findings with verification verdicts
  6. Smart capture — If notable architectural insights are found in Confirmed findings, store them to memory (when available)
  7. Offer fixes — If confirmed or questionable issues are found, offer to fix them using TDD (dismissed findings are never auto-fixed)
  8. Update status — Mark the prompt as collected in its frontmatter

Output

Findings are presented with independent verification verdicts:

## 🔍 External Review: fix-auth-bypass

> Review by Gemini 2.5 Pro
> Verified by Coding Friend against current codebase.

### 🚨 Critical Issues
- ✅ Confirmed — Missing input validation at api/handlers.ts:42
  Verification: User input passed directly to query without sanitization.
- ❌ Dismissed — Unused variable at lib/auth.ts:10
  Reason: Variable is used in a downstream module.

### ⚠️ Important Issues
- ❓ Questionable — Error handling could be more specific at lib/auth.ts:18
  Note: Current handling may be intentional; needs user judgment.

### 💡 Suggestions
- Consider extracting shared logic into a utility function

### 📊 Verification Summary
- Confirmed: 1 | Questionable: 1 | Dismissed: 1 | Stale: 0

### 📋 Reviewer's Summary
Code is generally well-structured with one input validation gap.

All Critical and Important findings are independently verified against the current codebase. Dismissed findings are shown for transparency but will not be acted on.

Result File Format

The external agent should write results matching this format:

---
label: fix-auth-bypass
date: 2026-03-23
type: review-result
reviewer: Gemini 2.5 Pro
---

# Review Result: fix-auth-bypass

## Critical Issues

**[Critical] api/handlers.ts:42 — Missing input validation**
User input is passed directly to database query without sanitization.

## Important Issues

(none)

## Suggestions

**[Suggestion] lib/utils.ts:15 — Extract shared validation**
The validation pattern is repeated in 3 files.

## Summary

One critical security issue found. Overall code quality is good.
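
A parser for the result-file format above, with a pre-check that runs before any referenced source file is read. This is an added example, not Coding Friend's own code. The label pattern, the `precheck` helper, its `rejected` and `verify` outcomes, and the mapping of a missing file or line to Stale are assumptions of this example.

```python
import re
from pathlib import PurePosixPath

# Constructed result file in the page's format; the second finding points outside the repo.
SAMPLE = """---
label: fix-auth-bypass
date: 2026-03-23
type: review-result
reviewer: Gemini 2.5 Pro
---
# Review Result: fix-auth-bypass
## Critical Issues
**[Critical] api/handlers.ts:42 — Missing input validation**
User input is passed directly to database query without sanitization.
**[Critical] ../outside/notes.ts:1 — Remove debug output**
## Important Issues
**[Important] lib/auth.ts:180 — Error handling too broad**
"""

FINDING = re.compile(r"^\*\*\[(Critical|Important|Suggestion)\] (\S+):(\d+) — (.+)\*\*$")
LABEL = re.compile(r"^[a-z0-9][a-z0-9-]*$")  # assumed label charset; keeps labels glob-safe

def parse_result(text):
    """Split frontmatter from body and extract findings; raise on malformed input."""
    m = re.match(r"---\n(.*?)\n---\n", text, re.S)
    if not m:
        raise ValueError("missing frontmatter")
    meta = dict(l.split(": ", 1) for l in m.group(1).splitlines() if ": " in l)
    if meta.get("type") != "review-result" or not LABEL.match(meta.get("label", "")):
        raise ValueError("unexpected type or label")
    found = [FINDING.match(l) for l in text[m.end():].splitlines()]
    return meta, [dict(zip(("severity", "path", "line", "title"), f.groups())) for f in found if f]

def precheck(finding, line_counts):
    """Gate a finding before any source is read. line_counts: repo path -> number of lines."""
    p = PurePosixPath(finding["path"])
    if p.is_absolute() or ".." in p.parts:
        return "rejected"          # reference escapes the repository
    total = line_counts.get(str(p))
    if total is None or not 1 <= int(finding["line"]) <= total:
        return "stale"             # assumption: missing file or line maps to the page's Stale
    return "verify"                # the claim itself still has to be checked against the code

if __name__ == "__main__":
    meta, findings = parse_result(SAMPLE)
    repo = {"api/handlers.ts": 120, "lib/auth.ts": 60}  # constructed line counts
    for f in findings:
        print(f["severity"], f["path"], f["line"], precheck(f, repo))
```

A `verify` outcome only means the reference is safe to open; whether the finding is Confirmed, Questionable or Dismissed is still decided by reading the code at that line.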

Part of the Workflow

/cf-review-out and /cf-review-in form a complete external review pipeline:

implement (TDD) → /cf-review-out → (external agent reviews) → /cf-review-in → fix issues → /cf-commit