chore(codereview): document external API validation + require official doc links

skills/codereview-roasted/SKILL.md

@@ -67,6 +67,16 @@ Focus on real security risks, not theoretical ones:
 - Memory safety issues in unsafe languages
 - Concurrency bugs that cause data corruption
 
+6. **External APIs & Documentation Validation**
+If the change touches external services (GitHub/GitLab/Bitbucket/Datadog/Slack/etc.), be paranoid and verify:
+- auth method and required scopes/permissions
+- endpoint/method/headers correctness
+- pagination, rate limits, retries/timeouts, and error handling
+- no secrets/PII are exposed (especially logs)
+- required configuration is documented
+
+If applicable, include validated official documentation URL(s) that confirm referenced flags/config keys/endpoints/behavior.
+
 CRITICAL REVIEW OUTPUT FORMAT:
 
 Start with a **Taste Rating**:

skills/codereview/SKILL.md

@@ -40,9 +40,19 @@ Watch for:
 - Incorrect use of cryptographic libraries
 - Common pitfalls (null dereferencing, off-by-one errors, race conditions)
 
+4. External APIs & Documentation Validation
+Check for:
+- Any new or changed access to external APIs (GitHub/GitLab/Bitbucket/Datadog/Slack/etc.)
+- Correct API usage (auth method/scopes/permissions, endpoint+method, required headers, pagination/rate limits)
+- Robustness (retries/timeouts, error handling)
+- Security hygiene (no secrets/PII leaked to logs)
+- Required configuration is properly documented (env vars, tokens, permissions)
+
 INSTRUCTIONS FOR RESPONSE:
 Group the feedback by the scenarios above.
 
+If applicable, include validated official documentation URL(s) that confirm referenced flags/config keys/endpoints/behavior.
+
 Then, for each issue you find:
 - Provide a line number or line range
 - Briefly explain why it's an issue