Bug: Inconsistent sub-agent delegation for `/security-review` command across different projects
Title: Bug: Inconsistent sub-agent delegation for /security-review command across different projects
Description
The built-in /security-review slash command exhibits non-deterministic behavior regarding sub-agent delegation. When executed in different, unrelated git projects, the command follows different execution paths—one time delegating to a specialized sub-agent, and another time being handled by the main agent.
This was observed in two separate terminal instances for two completely unrelated projects, neither of which contained any project-level sub-agent configurations. The decision to delegate was made autonomously by the main agent, as the command was invoked simply as /security-review without any further instructions.
This inconsistency makes the tool's behavior unpredictable, potentially leading to different results, execution times, and token costs for what should be a standard, reliable operation.
Steps to Reproduce
Preconditions:
- Ensure no project-level sub-agent configurations exist. Specifically, the directories
~/project-a/.claude/agents/and~/project-b/.claude/agents/should not exist or be empty. - A user-level agent configuration may be present (e.g.,
~/.claude/agents/some-agent.md), but it is not directly related to the security review task.
Steps:
- Identify two distinct and unrelated git repositories (e.g.,
~/project-aand~/project-b). - Open a terminal, navigate into
~/project-a, and start an interactive session withclaude. - Execute the command without any arguments:
/security-review - Observation 1: Note that the agent's output shows the task is being delegated to a specialized sub-agent.
- Open a new, separate terminal, navigate into the unrelated
~/project-b, and start a new interactive session. - Execute the same command without any arguments:
/security-review - Observation 2: Note that this time, the main agent handles the entire task directly without invoking any sub-agents.
Expected Behavior
The /security-review command should follow a predictable execution strategy. Given that there are no project-specific configurations influencing its behavior, the decision to delegate to a sub-agent should be consistent across different projects for a standard, built-in command.
Actual Behavior
The execution strategy for /security-review was inconsistent:
- In Project A: The task was autonomously delegated to a sub-agent.
- In Project B: The task was handled entirely by the main agent, with no sub-agent delegation.
Environment
- Claude Code Version: v1.0.81
- Operating System: MacOS
Additional Context
- No Project-Specific Configuration: It is crucial to note that neither project directory contained a
.claude/agentsfolder. This rules out project-level settings as the cause for the differing behavior. - No User Instruction: The command was invoked simply as
/security-review, with no additional arguments or instructions to use a sub-agent. The decision to delegate (or not) was made entirely by the main agent's internal logic. - Global Config: A user-level agent configuration file did exist at
~/.claude/agents/, but this global configuration should apply consistently to all projects and not cause differing behavior for a standard, built-in command.
This points to an inconsistency in how the main agent decides whether to delegate the /security-review task, as the observable conditions for both runs were identical from both a user and project configuration standpoint.
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗