[MODEL] Main assistant pre-fetches data and restricts custom agents from using their tools, causing incorrect analysis
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Subagent behaved unexpectedly
What You Asked Claude to Do
User prompt:
use code-reviewer agent to review PR 1119
Context: The code-reviewer is a custom agent configured with the following tools:
- tools: Glob, Grep, Read, WebFetch, TodoWrite, WebSearch, BashOutput, KillBash, mcp__ide__getDiagnostics, Bash
- bash_allow:
- "gh pr view:*"
- "gh pr diff:*"
- "gh api:*"
- "gh pr checks:*"
The agent is specifically instructed to look for truncated diffs and to load each file's full contents when truncated as follows in the agent Markdown file.
...
**IMPORTANT: Handle Large PRs Correctly**
For large PRs, `gh pr diff` output may be truncated. ALWAYS follow this workflow to avoid making incorrect assumptions:
1. **Fetch PR Information**: Use `gh pr view` to understand the PR context
2. **Get File List**: Use `gh pr view <pr-number> --json files --jq '.files[].path'` to get ALL changed files
3. **Check for Truncation**: When using `gh pr diff`, look for truncation indicators like `... [XXXX lines truncated] ...`
4. **Read Key Files Directly**:
- If diff is truncated, DO NOT make assumptions about missing files
- Use the Read tool to examine important files directly:
- Database migrations (look for <redacted>)
- Test files (look for <redacted>)
- Configuration files
- Core implementation files
...
```
### What Claude Actually Did
The main Claude Code assistant executed this pattern:
1. Pre-fetched the PR diff itself:
gh pr diff 1119
- Output was ~50KB and got truncated at "... [471 lines truncated] ..."
- Migration file content was in the truncated section
- Full implementations were cut off
2. Passed truncated data to the code-reviewer agent with this instruction:
prompt: "Review PR #1119 titled <redacted title> by <redacted author>
**Full PR Diff:**
[... 50KB of truncated diff ...]
Do NOT read any local files - work only with the diff provided above."
3. Result - Agent made multiple false claims:
- ❌ "BLOCKING: Missing database migration" - FALSE (migration file existed but was in truncated section)
- ❌ "<redacted> syntax errors" - FALSE (misread the diff format)
- ❌ "This code won't compile" - FALSE (code compiled successfully)
- ❌ "Missing index on composite query" - FALSE (index was in migration file that was truncated)
4. Wasted resources:
- Generated detailed analysis of 8 "critical blocking issues"
- 4 of those issues were completely incorrect
- User had to manually verify and correct the agent's analysis
- Consumed tokens analyzing incomplete/truncated data
### Expected Behavior
The main Claude Code assistant should have simply invoked the custom agent with a high-level task and trusted the agent to use its own tools:
Task(
subagent_type: "code-reviewer",
prompt: "Review PR #1119. Check for security issues, missing tests, database migrations,
indexes, and code quality problems."
)
Then the code-reviewer agent would:
1. Use its own gh pr diff or gh pr view commands (it can handle large output)
2. Provide accurate analysis based on complete, verified information
Why this matters:
- Custom agents are designed for autonomy: Users create agents with specific tools precisely so they can explore the codebase themselves
- Agents handle large data better: Unlike bash output (which truncates), agents can read files incrementally, search systematically, and decide what they
need
- Verification capability: Agents can verify their own claims by reading source files, searching for patterns, etc.
- No truncation issues: Reading files directly avoids bash output limits
The anti-pattern to avoid:
❌ Don't do this:
1. Main assistant runs: gh pr diff
2. Gets truncated output
3. Passes truncated data to agent
4. Tells agent: "Do NOT read local files"
✅ Do this instead:
1. Main assistant invokes agent with high-level task
2. Agent uses its own tools to fetch/explore
3. Agent works with complete data
4. Agent verifies its own claims
### Files Affected
```shell
Permission Mode
Accept Edits was OFF (manual approval required)
Can You Reproduce This?
Sometimes (intermittent)
Steps to Reproduce
- prompt: use code-reviewer agent to review PR 1119
- model requests permission to check out the branch using a git command, I hit ESC to interrupt
- prompt: Use gh command to find the diffs. Don't disrupt my workspace.
Sometimes the Claude Code assistant passes the (truncated) data to the subagent.
Claude Model
Sonnet
Relevant Conversation
[The code-reviewer subagent is instructed to look for truncated diffs then
Claude said: I'll use the gh command to fetch the PR information and review it without touching your workspace.
[Then it used the gh command to fetch the diffs and passed the truncated diffs to the code-reviewer subagent.]
Impact
Medium - Extra work to undo changes
Claude Code Version
2.0.28 (Claude Code)
Platform
Anthropic API
Additional Context
This affects all custom agents with Read/Grep/Glob/Bash tools:
- Code review agents
- Codebase exploration agents
- Refactoring agents
- Any agent designed to autonomously explore and analyze code
Root cause: The main assistant's system prompt likely lacks guidance on:
- When to pre-fetch data vs let agents fetch it
- Never restricting agent tool usage with "Do NOT read files" instructions
- Trusting custom agents to use their configured tools
Suggested fix location: Main Claude Code assistant's Task tool documentation/guidance should include:
- "Don't pre-fetch what agents can fetch themselves"
- "Never tell agents not to use their configured tools"
- "Pass high-level tasks, not pre-processed data"
- "Only provide data when the agent lacks tools to fetch it"
Environment:
- Claude Code Version: 2.0.x (affects all versions with Task tool)
- Agent Type: Custom user-created agents
- Platform: All platforms
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗