Documentation missing for `/security-review` slash command and its git dependency
Title: Documentation missing for /security-review slash command and its git dependency
Body:
Description
Hello Claude Code team,
I've discovered a built-in slash command, /security-review, which appears to be a very useful feature. However, it is not documented in the official Slash commands documentation.
Furthermore, this command has a hidden dependency: it only works if Claude Code is running inside a directory that is a git repository. If run in a non-git directory, it fails with a low-level git error.
This undocumented dependency can be confusing for users. I believe adding this command to the documentation, along with its prerequisites, would greatly improve the user experience.
Steps to Reproduce
Scenario 1: Command fails in a non-git repository
- Create and navigate to a new directory that is not a git repository.
``bash``
mkdir test-project && cd test-project
- Start Claude Code.
``bash``
claude
- Run the
/security-reviewcommand. - Observe the error: The command fails with a git error.
``git status
> /security-review
⎿ Error: Bash command failed for pattern "!": [stderr]``
fatal: not a git repository (or any of the parent directories): .git
Scenario 2: Command succeeds in a git repository
- Navigate to a directory that is an initialized git repository.
``bash``
cd /path/to/my/git-repo
- Start Claude Code.
``bash``
claude
- Run the
/security-reviewcommand. - Observe the success: The command executes as expected and begins analyzing code changes.
```
> /security-review is analyzing code changes for security risks…
⏺ I'll perform a security-focused code review of the changes...
```
Expected Behavior
- The
/security-reviewcommand should be officially documented in theen/docs/claude-code/slash-commands.mdfile. - The documentation should clearly state that the command must be run within a git repository.
- Ideally, if the command is run outside a git repository, it should return a user-friendly message (e.g., "Error: /security-review must be run inside a git repository.") instead of the raw
fatalerror.
Suggested Documentation Updates
Please update the documentation to include:
- A description of what the
/security-reviewcommand does. - Its requirement to be run inside a git repository.
- The
allowed-toolsit needs (e.g.,Bash(git status:*),Bash(git diff:*), etc.), as it appears to executegitcommands under the hood.
Thank you for creating such a powerful tool
This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗