review-prlisted

# PR Audit Workflow When asked to audit/review a PR, follow this workflow. ## 1. Gather PR Context Load /claudius:git-and-github skill . Use GitHub MCP to fetch PR metadata: - **PR details**: `pull_request_read` with `method: "get"` — returns title, body, URL, base/head branches, number. - **Changed files**: `pull_request_read` with `method: "get_files"` — returns list of changed files with stats. - **PR diff**: `pull_request_read` with `method: "get_diff"` — returns the full diff. **Note**: `get_files` and `get_diff` can return large responses on sizable PRs. Use the subagent delegation pattern from `git-and-github` skill § Context Management to avoid polluting your context. Use local git for commit history and detailed diffs. If GitHub MCP is unavailable, see [gh-cli-fallback.md](../git-and-github/references/pr-review.md) for `gh` CLI equivalents. ## 2. Conduct the Review Invoke the `/claudius:grumpy-review` skill with the PR scope as the argument. It covers: - Agent selection and scaling based on PR size - Parallel agent spawning with explicit prompts - OWASP classification on all security findings - Consolidated, deduplicated report generation Pass the PR's scope (changed files, base branch) as context to the review methodology. ## 3. Pass C — Promise Verification Audit whether the diff delivers what the PR's own self-description claims. Reuses the PR title, body, file list, and diff already fetched in §1 — no extra MCP calls. Findings emit in the v3 report