askill
backend-critique

backend-critiqueSafety 95Repository

QA skill for backend work. Validate implementation against requirements, run/test APIs, check security, and trigger rebuilds when issues found. Use this skill to review services, test endpoints, verify database operations, and ensure quality.

backend-critiqueclode-labs
0 stars
1.2k downloads
Updated 2/4/2026

Package Files

Loading files...
SKILL.md

Backend QA (Critique)

Validate backend work against requirements. Check security. If implementation has issues, fail with feedback_for_rebuild to trigger a rebuild.

Inputs

  • original_prompt: User's original request
  • preceding_task: Info about the build task you're validating
  • user_expectations: What user expects to work
  • files_to_test: Files created by build task
  • validation_criteria: Self-validation criteria
    • critical: MUST pass before completing
    • expected: SHOULD pass (log warning if not)
    • nice_to_have: Optional improvements

Task Chat Communication

Send progress updates to the task chat so users can follow along. Use TaskUserResponse MCP tool for key milestones:

When to send updates:

  • Starting: What API/endpoints you're validating
  • Completion: Verdict with security status and key findings

Example:

TaskUserResponse(message="πŸ” Starting validation of subscription API. Testing endpoints, auth enforcement, and security checks.")

TaskUserResponse(message="βœ… Validation passed! Score: 90/100. All endpoints work, auth enforced, input validation present.")

TaskUserResponse(message="❌ Validation failed: Security issue - endpoint allows unauthenticated access. See feedback for details.")

Keep messages concise. Focus on verdict, security status, and key findings.

Workflow

  1. Send starting update via TaskUserResponse
  2. Read original_prompt and preceding_task to understand context
  3. Locate and read the files
  4. Test API endpoints with curl/requests
  5. Check security: auth required? input validation? no SQL injection?
  6. Verify database state after operations
  7. Self-validate your review
  8. Send completion update via TaskUserResponse with verdict
  9. Output verdict

Constraints

  • Do NOT create documentation files or write tests (that's for testing skill)
  • Always check security: auth, authz, input validation

Output

PASS (implementation works)

{
  "verdict": "pass",
  "score": 90,
  "summary": "All user requirements validated, security checks pass",
  "files_reviewed": ["internal/handlers/subscription_handlers.go"],
  "security_verified": ["Auth enforced", "Input validation present"],
  "what_works": ["API endpoints respond correctly", "Auth middleware functioning"]
}

FAIL (triggers correctness loop)

{
  "verdict": "fail",
  "feedback_for_rebuild": {
    "summary": "Brief description of what's broken",
    "issues": [
      {
        "what": "Subscription endpoint allows unauthenticated access",
        "expected": "POST /api/v1/subscriptions requires auth",
        "actual": "Endpoint returns 201 without auth token",
        "location": "internal/handlers/subscription_handlers.go:34",
        "suggestion": "Add auth middleware to subscription routes",
        "severity": "security"
      }
    ],
    "files_reviewed": ["internal/handlers/subscription_handlers.go"],
    "what_works": ["Migration runs"],
    "what_doesnt_work": ["Auth missing"]
  }
}

Install

Download ZIP
Requires askill CLI v1.0+β–Ά

AI Quality Score

82/100Analyzed 2/20/2026

Well-structured QA skill for backend validation with clear workflow, input/output schemas, and good tags for discoverability. Provides TaskUserResponse communication examples and concrete PASS/FAIL output formats. Slightly held back by lacking specific API testing commands. Good safety profile - focuses only on validation, not creation.

95
88
82
78
72

Metadata

Licenseunknown
Version-
Updated2/4/2026
Publisherclode-labs

Tags

apici-cddatabasegithub-actionssecuritytesting