Documentation missing for `/security-review` slash command and its git dependency

Resolved 💬 7 comments Opened Aug 6, 2025 by coygeek Closed Nov 30, 2025

Title: Documentation missing for /security-review slash command and its git dependency

Body:

Description

Hello Claude Code team,

I've discovered a built-in slash command, /security-review, which appears to be a very useful feature. However, it is not documented in the official Slash commands documentation.

Furthermore, this command has a hidden dependency: it only works if Claude Code is running inside a directory that is a git repository. If run in a non-git directory, it fails with a low-level git error.

This undocumented dependency can be confusing for users. I believe adding this command to the documentation, along with its prerequisites, would greatly improve the user experience.

Steps to Reproduce

Scenario 1: Command fails in a non-git repository

  1. Create and navigate to a new directory that is not a git repository.

``bash
mkdir test-project && cd test-project
``

  1. Start Claude Code.

``bash
claude
``

  1. Run the /security-review command.
  2. Observe the error: The command fails with a git error.

``
> /security-review
⎿ Error: Bash command failed for pattern "!
git status": [stderr]
fatal: not a git repository (or any of the parent directories): .git
``

Scenario 2: Command succeeds in a git repository

  1. Navigate to a directory that is an initialized git repository.

``bash
cd /path/to/my/git-repo
``

  1. Start Claude Code.

``bash
claude
``

  1. Run the /security-review command.
  2. Observe the success: The command executes as expected and begins analyzing code changes.

```
> /security-review is analyzing code changes for security risks…

⏺ I'll perform a security-focused code review of the changes...
```

Expected Behavior
  1. The /security-review command should be officially documented in the en/docs/claude-code/slash-commands.md file.
  2. The documentation should clearly state that the command must be run within a git repository.
  3. Ideally, if the command is run outside a git repository, it should return a user-friendly message (e.g., "Error: /security-review must be run inside a git repository.") instead of the raw fatal error.
Suggested Documentation Updates

Please update the documentation to include:

  • A description of what the /security-review command does.
  • Its requirement to be run inside a git repository.
  • The allowed-tools it needs (e.g., Bash(git status:*), Bash(git diff:*), etc.), as it appears to execute git commands under the hood.

Thank you for creating such a powerful tool

View original on GitHub ↗

This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗