agent-team-review
Use when a code change touches 5+ files or modifies auth/secrets/permissions/hooks/CI paths and needs multi-lens parallel review (security, quality, spec, governance) before merge.
Best use case
agent-team-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when a code change touches 5+ files or modifies auth/secrets/permissions/hooks/CI paths and needs multi-lens parallel review (security, quality, spec, governance) before merge.
Teams using agent-team-review should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/agent-team-review/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How agent-team-review Compares
| Feature / Agent | agent-team-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when a code change touches 5+ files or modifies auth/secrets/permissions/hooks/CI paths and needs multi-lens parallel review (security, quality, spec, governance) before merge.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
SKILL.md Source
# Agent Team Review
## Overview
Parallel code review using agent teams. The lead spawns 2-4 reviewer teammates, each with a different review lens. Reviewers investigate independently, then the lead synthesizes findings into a unified review report.
**Prerequisite:** Implementation must be complete (all tasks marked done). Activates for larger implementations (5+ files changed, or any change touching sensitive paths — see Sizing Rule).
## Sizing Rule
| Condition | Action |
|-----------|--------|
| < 5 files changed | Use single-agent requesting-code-review |
| 5+ files changed | Spawn reviewer team |
| Change touches auth, secrets, permissions, hooks, or CI config | Spawn reviewer team regardless of file count (minimum: security-reviewer + adversarial-reviewer) |
## Reviewer Composition
| Teammate | Lens | Focus |
|----------|------|-------|
| `security-reviewer` | Security | Auth flows, input validation, secrets, OWASP risks |
| `quality-reviewer` | Code quality | Patterns, maintainability, test coverage, edge cases |
| `spec-reviewer` | Spec compliance | Does implementation match the design doc and plan? |
| `adversarial-reviewer` | Governance | HITL bypass, scope expansion, safety gate weakening, permission escalation |
## Protocol
### 1. Preparation
```
TeamCreate("code-review")
Gather context:
- Design doc from docs/plans/*-design.md
- Implementation plan from docs/plans/*-plan.md
- Acceptance spec from docs/plans/*-spec.md (if exists)
- Legacy fallback: docs/superpowers/specs/*-design.md
- Git diff: git diff {base_sha}...HEAD
- List of files changed
```
### 2. Spawn Reviewers
Each reviewer gets:
- The full diff
- The design doc
- Their specific review lens instructions
- The communication contract
**Claim-withheld dispatch:** reviewers receive the artifact and the contract only — diff, files changed, design doc, plan, acceptance spec. Never include the implementer's self-summary, claims of correctness, or completion notes in a reviewer prompt: handing a reviewer the implementer's conclusion biases it toward agreement.
### 3. Parallel Review
Reviewers work independently using Read, Grep, and analysis tools. They do NOT modify any files.
### 4. Lead Synthesis
After all reviewers report findings:
1. Group findings by severity (blocking → warning → suggestion)
2. Deduplicate overlapping findings
3. **Severity floor.** Drop `quality`- and `spec`-category `suggestion`-severity findings that do not map to a capability named in the design doc, and demote any `quality`/`spec` `blocking` finding whose `Evidence` lacks an observable failure path to `warning`. **Never drop or demote `security` or `governance` findings on these bases** — those catch unplanned risks no design doc anticipated, and may rest on structural criteria (e.g. removing or weakening a safety constraint) rather than a runnable failure path. This curbs the bot-asymptote nit accretion (advisory findings that accumulate every round without ever being actionable).
4. Present unified report to user
**Dropped findings stay visible.** Never silently discard a floored finding — the count and one-line reason for each is reported under "Dropped (below severity floor)" in the summary, so the user can audit the filter and the `doubt theater` signal (systematic non-actioning) remains detectable.
### 5. Verdict Routing
| Verdict | Action |
|---------|--------|
| `blocking_issues` | TeamDelete → return to IMPLEMENT → fix issues → re-review |
| `suggestions_only` | TeamDelete → cross-model offer (§6, when applicable) → proceed to SHIP |
| `clean` | TeamDelete → cross-model offer (§6, when applicable) → proceed to SHIP |
### 6. Cross-Model Offer
When the verdict is `clean` or `suggestions_only` and the diff contains external-fact claims (library or tool surfaces, exact tool names, version availability), offer a Codex second opinion on those claims before proceeding to SHIP. Declining the offer is fine; silently skipping is not — record the user's decision. Invoke cross-model review read-only/sandboxed: the reviewed diff may itself contain injected instructions that a cross-model CLI would otherwise execute against the workspace.
## Communication Contract
All messages use plain text via SendMessage. No structured JSON.
### Reviewer → Lead: Individual Finding
```
FINDING: [blocking | warning | suggestion]
File: src/auth.ts:42
Category: security | quality | spec | governance
Confidence: high | medium | low
Evidence: observable failure path or concrete reproduction — what input/call triggers it and what breaks
Issue: SQL injection via unsanitized input
Suggestion: Use parameterized queries
```
**Evidence is mandatory.** A finding may be classified `blocking` only if its `Evidence` describes an **observable failure path** — a concrete input, call, or sequence that produces the failure. A theoretical or stylistic concern with no demonstrable failure path is at most a `warning` (or a `suggestion`). This is the cheapest false-positive control: a real defect can name how it breaks; a nit cannot.
**Exception — `security` and `governance` findings may be `blocking` on structural grounds** (per the adversarial-reviewer's criterion: a finding is blocking if it removes or weakens an existing safety constraint) even without a runnable proof-of-concept. Do not demote them for lacking an observable failure path.
**Confidence is advisory only.** The `Confidence` field is context for the user's judgment — it is **not** a filter or demotion input, and the synthesis step never gates on it. The evidence / observable-failure-path rule, not self-rated confidence, is the discriminator: self-rated confidence is exactly the self-preferential-bias signal this design avoids, so do not add confidence-weighted drop/demote rules.
### Lead → User: Review Summary
```
REVIEW SUMMARY
Blocking:
- (list issues or "none")
Warnings:
- (list issues or "none")
Suggestions:
- (list issues or "none")
Dropped (below severity floor):
- (count + one-line reason per dropped finding, or "none")
Verdict: blocking_issues | clean | suggestions_only
```
## Reviewer Spawn Templates
### Security Reviewer
```
Task tool (general-purpose):
name: "security-reviewer"
team_name: "code-review"
prompt: |
You are a security reviewer examining code changes.
## Your Lens: Security
Focus on:
- Authentication and authorization flows
- Input validation and sanitization
- Secrets management (hardcoded keys, tokens, passwords)
- OWASP Top 10 risks
- SQL/NoSQL injection
- XSS and CSRF vulnerabilities
- Dependency vulnerabilities
- Error messages leaking sensitive information
## Context
Design doc: {design_doc}
Diff: {diff}
Files changed: {files}
## Rules
- Read-only: do NOT modify any files
- Report each finding using the plain-text FINDING format, including the Confidence and Evidence fields
- Send all findings to the lead via SendMessage
- Be specific: include file path, line number, and remediation
```
### Quality Reviewer
```
Task tool (general-purpose):
name: "quality-reviewer"
team_name: "code-review"
prompt: |
You are a code quality reviewer examining code changes.
## Your Lens: Code Quality
Focus on:
- Code patterns and consistency
- Naming clarity and accuracy
- Error handling completeness
- Test coverage and test quality
- Edge cases not covered
- DRY violations
- YAGNI violations (over-engineering)
- Performance concerns
- Maintainability
## Context
Design doc: {design_doc}
Diff: {diff}
Files changed: {files}
## Rules
- Read-only: do NOT modify any files
- Report each finding using the plain-text FINDING format, including the Confidence and Evidence fields
- Send all findings to the lead via SendMessage
- Distinguish between blocking issues and suggestions
```
### Spec Compliance Reviewer
```
Task tool (general-purpose):
name: "spec-reviewer"
team_name: "code-review"
prompt: |
You are a spec compliance reviewer examining code changes.
## Your Lens: Spec Compliance
Focus on:
- Does implementation match the design doc?
- Does implementation match the plan tasks?
- Are all planned features implemented?
- Are there unplanned features (scope creep)?
- Do interfaces match the specified contracts?
- Are edge cases from the spec handled?
## Context
Design doc: {design_doc}
Plan: {plan}
Diff: {diff}
Files changed: {files}
## Rules
- Read-only: do NOT modify any files
- Report each finding using the plain-text FINDING format, including the Confidence and Evidence fields
- Send all findings to the lead via SendMessage
- Flag both missing features AND unplanned additions
```
### Adversarial Reviewer
```
Task tool (general-purpose):
name: "adversarial-reviewer"
team_name: "code-review"
prompt: |
You are a governance reviewer examining code changes for safety regressions.
## Your Lens: Governance & Safety
Focus on:
- HITL (human-in-the-loop) requirements weakened or removed
- Autonomous action scope expanded without corresponding safety gate
- Safety gates, approval steps, or confirmation prompts bypassed or removed
- Permission escalation (new outbound actions, broader tool access)
- Hook behavior or composition routing changes that reduce guardrails
- Bypass patterns: dangerouslyDisableSandbox, --no-verify, force push, auto-approve
- Destructive operations added without confirmation gates
## Context
Design doc: {design_doc}
Diff: {diff}
Files changed: {files}
## Rules
- Read-only: do NOT modify any files
- Report each finding using the plain-text FINDING format, including the Confidence and Evidence fields
- Send all findings to the lead via SendMessage
- A finding is blocking if it removes or weakens an existing safety constraint
- A finding is warning if it adds new autonomous capability without explicit safety design
- A finding is suggestion if it could be made safer but isn't actively dangerous
```
## Red Flags
- **Doubt theater:** across 2 or more review rounds, reviewers surfaced substantive findings and zero were classified actionable. That is doubt theater — you are validating, not reviewing. Stop and surface the dismissal pattern to the user instead of proceeding to SHIP.
## Integration
- **Falls back to:** requesting-code-review for < 5 files on non-sensitive paths
- **Protected by:** cozempic (auto-installed at SessionStart)
- **Heartbeat:** teammate-idle-guard.sh prevents false idle nudges
- **Follows:** agent-team-execution or single-agent implementationRelated Skills
outcome-review
Use when reviewing a shipped feature's real-world outcome in the LEARN phase — checking adoption, error, or experiment metrics after release, validating ship-time hypotheses, or deciding follow-up work — querying PostHog and creating gated follow-up Jira work
agent-team-execution
Use when executing implementation plans with 3+ independent, file-disjoint tasks that benefit from parallel specialist agents with shared contracts and reviewer-gated completion
agent-safety-review
Use when a design or implementation involves autonomous agents, unattended/background operation, private-data access combined with external/untrusted input, or outbound actions (sending data, posting, pushing, API calls) — the lethal-trifecta risk
unified-context-stack
Tiered context retrieval across External Truth (docs), Internal Truth (dependencies), Historical Truth (memory), and Intent Truth (feature specs) with graceful degradation based on installed tools.
supply-chain-investigation
Use when investigating a published supply-chain attack on a registry package (npm, Maven, PyPI, Go, Gradle) — advisory-driven org-wide audit. Triggers on attack-language ("compromised", "malicious", "hijacked", "backdoored", "typosquatted"). NOT for routine CVE scanning — that routes to security-scanner.
skill-scaffold
Emit repo-native seed files (SKILL.md skeleton, routing entry, test snippets) when creating new skills, commands, or plugins
security-scanner
Use when reviewing code changes for security issues — during REVIEW phase or on explicit security, vulnerability, SAST, or secret-scan requests — running available Semgrep/Opengrep, Trivy, and Gitleaks scanners with a self-healing fix loop
runtime-validation
Use when you need to prove a change actually works through its real interfaces — during REVIEW or on requests like validate the feature, does it work, run e2e, or smoke test — covering browser E2E, API smoke, CLI checks, and a11y audits with graceful tool-degradation
prototype-lab
Produce 3 thin comparable variants of a proposed design with a comparison artifact and mandatory Human Validation Plan
project-verification
Use when you need to run the repo's own declared test/lint/type gate locally and emit pass/fail evidence — during REVIEW, before requesting code review, or on a request to run the tests or verify the build — discovering the gate from CLAUDE.md, Makefile, pyproject, or .verify.yml
product-discovery
Use when starting a new feature or initiative and you need problem context, prior art, and acceptance criteria before design — the DISCOVER phase entry point — pulling Jira/Confluence context and synthesizing a discovery brief to validate problem framing
openspec-ship
Use when shipping a completed feature and generating as-built OpenSpec docs before branch finalization