Bug: Inconsistent sub-agent delegation for `/security-review` command across different projects

Resolved 💬 5 comments Opened Aug 15, 2025 by coygeek Closed Jan 5, 2026

Title: Bug: Inconsistent sub-agent delegation for /security-review command across different projects

Description

The built-in /security-review slash command exhibits non-deterministic behavior regarding sub-agent delegation. When executed in different, unrelated git projects, the command follows different execution paths—one time delegating to a specialized sub-agent, and another time being handled by the main agent.

This was observed in two separate terminal instances for two completely unrelated projects, neither of which contained any project-level sub-agent configurations. The decision to delegate was made autonomously by the main agent, as the command was invoked simply as /security-review without any further instructions.

This inconsistency makes the tool's behavior unpredictable, potentially leading to different results, execution times, and token costs for what should be a standard, reliable operation.

Steps to Reproduce

Preconditions:

  • Ensure no project-level sub-agent configurations exist. Specifically, the directories ~/project-a/.claude/agents/ and ~/project-b/.claude/agents/ should not exist or be empty.
  • A user-level agent configuration may be present (e.g., ~/.claude/agents/some-agent.md), but it is not directly related to the security review task.

Steps:

  1. Identify two distinct and unrelated git repositories (e.g., ~/project-a and ~/project-b).
  2. Open a terminal, navigate into ~/project-a, and start an interactive session with claude.
  3. Execute the command without any arguments: /security-review
  4. Observation 1: Note that the agent's output shows the task is being delegated to a specialized sub-agent.
  5. Open a new, separate terminal, navigate into the unrelated ~/project-b, and start a new interactive session.
  6. Execute the same command without any arguments: /security-review
  7. Observation 2: Note that this time, the main agent handles the entire task directly without invoking any sub-agents.

Expected Behavior

The /security-review command should follow a predictable execution strategy. Given that there are no project-specific configurations influencing its behavior, the decision to delegate to a sub-agent should be consistent across different projects for a standard, built-in command.

Actual Behavior

The execution strategy for /security-review was inconsistent:

  • In Project A: The task was autonomously delegated to a sub-agent.
  • In Project B: The task was handled entirely by the main agent, with no sub-agent delegation.

Environment

  • Claude Code Version: v1.0.81
  • Operating System: MacOS

Additional Context

  • No Project-Specific Configuration: It is crucial to note that neither project directory contained a .claude/agents folder. This rules out project-level settings as the cause for the differing behavior.
  • No User Instruction: The command was invoked simply as /security-review, with no additional arguments or instructions to use a sub-agent. The decision to delegate (or not) was made entirely by the main agent's internal logic.
  • Global Config: A user-level agent configuration file did exist at ~/.claude/agents/, but this global configuration should apply consistently to all projects and not cause differing behavior for a standard, built-in command.

This points to an inconsistency in how the main agent decides whether to delegate the /security-review task, as the observable conditions for both runs were identical from both a user and project configuration standpoint.

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗