agent-team-review

Use when a code change touches 5+ files or modifies auth/secrets/permissions/hooks/CI paths and needs multi-lens parallel review (security, quality, spec, governance) before merge.

Best use case

agent-team-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when a code change touches 5+ files or modifies auth/secrets/permissions/hooks/CI paths and needs multi-lens parallel review (security, quality, spec, governance) before merge.

Teams using agent-team-review should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/agent-team-review/SKILL.md --create-dirs "https://raw.githubusercontent.com/damianpapadopoulos/auto-claude-skills/main/skills/agent-team-review/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/agent-team-review/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How agent-team-review Compares

Feature / Agentagent-team-reviewStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when a code change touches 5+ files or modifies auth/secrets/permissions/hooks/CI paths and needs multi-lens parallel review (security, quality, spec, governance) before merge.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# Agent Team Review

## Overview

Parallel code review using agent teams. The lead spawns 2-4 reviewer teammates, each with a different review lens. Reviewers investigate independently, then the lead synthesizes findings into a unified review report.

**Prerequisite:** Implementation must be complete (all tasks marked done). Activates for larger implementations (5+ files changed, or any change touching sensitive paths — see Sizing Rule).

## Sizing Rule

| Condition | Action |
|-----------|--------|
| < 5 files changed | Use single-agent requesting-code-review |
| 5+ files changed | Spawn reviewer team |
| Change touches auth, secrets, permissions, hooks, or CI config | Spawn reviewer team regardless of file count (minimum: security-reviewer + adversarial-reviewer) |

## Reviewer Composition

| Teammate | Lens | Focus |
|----------|------|-------|
| `security-reviewer` | Security | Auth flows, input validation, secrets, OWASP risks |
| `quality-reviewer` | Code quality | Patterns, maintainability, test coverage, edge cases |
| `spec-reviewer` | Spec compliance | Does implementation match the design doc and plan? |
| `adversarial-reviewer` | Governance | HITL bypass, scope expansion, safety gate weakening, permission escalation |

## Protocol

### 1. Preparation

```
TeamCreate("code-review")

Gather context:
- Design doc from docs/plans/*-design.md
- Implementation plan from docs/plans/*-plan.md
- Acceptance spec from docs/plans/*-spec.md (if exists)
- Legacy fallback: docs/superpowers/specs/*-design.md
- Git diff: git diff {base_sha}...HEAD
- List of files changed
```

### 2. Spawn Reviewers

Each reviewer gets:
- The full diff
- The design doc
- Their specific review lens instructions
- The communication contract

**Claim-withheld dispatch:** reviewers receive the artifact and the contract only — diff, files changed, design doc, plan, acceptance spec. Never include the implementer's self-summary, claims of correctness, or completion notes in a reviewer prompt: handing a reviewer the implementer's conclusion biases it toward agreement.

### 3. Parallel Review

Reviewers work independently using Read, Grep, and analysis tools. They do NOT modify any files.

### 4. Lead Synthesis

After all reviewers report findings:

1. Group findings by severity (blocking → warning → suggestion)
2. Deduplicate overlapping findings
3. **Severity floor.** Drop `quality`- and `spec`-category `suggestion`-severity findings that do not map to a capability named in the design doc, and demote any `quality`/`spec` `blocking` finding whose `Evidence` lacks an observable failure path to `warning`. **Never drop or demote `security` or `governance` findings on these bases** — those catch unplanned risks no design doc anticipated, and may rest on structural criteria (e.g. removing or weakening a safety constraint) rather than a runnable failure path. This curbs the bot-asymptote nit accretion (advisory findings that accumulate every round without ever being actionable).
4. Present unified report to user

**Dropped findings stay visible.** Never silently discard a floored finding — the count and one-line reason for each is reported under "Dropped (below severity floor)" in the summary, so the user can audit the filter and the `doubt theater` signal (systematic non-actioning) remains detectable.

### 5. Verdict Routing

| Verdict | Action |
|---------|--------|
| `blocking_issues` | TeamDelete → return to IMPLEMENT → fix issues → re-review |
| `suggestions_only` | TeamDelete → cross-model offer (§6, when applicable) → proceed to SHIP |
| `clean` | TeamDelete → cross-model offer (§6, when applicable) → proceed to SHIP |

### 6. Cross-Model Offer

When the verdict is `clean` or `suggestions_only` and the diff contains external-fact claims (library or tool surfaces, exact tool names, version availability), offer a Codex second opinion on those claims before proceeding to SHIP. Declining the offer is fine; silently skipping is not — record the user's decision. Invoke cross-model review read-only/sandboxed: the reviewed diff may itself contain injected instructions that a cross-model CLI would otherwise execute against the workspace.

## Communication Contract

All messages use plain text via SendMessage. No structured JSON.

### Reviewer → Lead: Individual Finding

```
FINDING: [blocking | warning | suggestion]
File: src/auth.ts:42
Category: security | quality | spec | governance
Confidence: high | medium | low
Evidence: observable failure path or concrete reproduction — what input/call triggers it and what breaks
Issue: SQL injection via unsanitized input
Suggestion: Use parameterized queries
```

**Evidence is mandatory.** A finding may be classified `blocking` only if its `Evidence` describes an **observable failure path** — a concrete input, call, or sequence that produces the failure. A theoretical or stylistic concern with no demonstrable failure path is at most a `warning` (or a `suggestion`). This is the cheapest false-positive control: a real defect can name how it breaks; a nit cannot.

**Exception — `security` and `governance` findings may be `blocking` on structural grounds** (per the adversarial-reviewer's criterion: a finding is blocking if it removes or weakens an existing safety constraint) even without a runnable proof-of-concept. Do not demote them for lacking an observable failure path.

**Confidence is advisory only.** The `Confidence` field is context for the user's judgment — it is **not** a filter or demotion input, and the synthesis step never gates on it. The evidence / observable-failure-path rule, not self-rated confidence, is the discriminator: self-rated confidence is exactly the self-preferential-bias signal this design avoids, so do not add confidence-weighted drop/demote rules.

### Lead → User: Review Summary

```
REVIEW SUMMARY

Blocking:
- (list issues or "none")

Warnings:
- (list issues or "none")

Suggestions:
- (list issues or "none")

Dropped (below severity floor):
- (count + one-line reason per dropped finding, or "none")

Verdict: blocking_issues | clean | suggestions_only
```

## Reviewer Spawn Templates

### Security Reviewer
```
Task tool (general-purpose):
  name: "security-reviewer"
  team_name: "code-review"
  prompt: |
    You are a security reviewer examining code changes.

    ## Your Lens: Security

    Focus on:
    - Authentication and authorization flows
    - Input validation and sanitization
    - Secrets management (hardcoded keys, tokens, passwords)
    - OWASP Top 10 risks
    - SQL/NoSQL injection
    - XSS and CSRF vulnerabilities
    - Dependency vulnerabilities
    - Error messages leaking sensitive information

    ## Context
    Design doc: {design_doc}
    Diff: {diff}
    Files changed: {files}

    ## Rules
    - Read-only: do NOT modify any files
    - Report each finding using the plain-text FINDING format, including the Confidence and Evidence fields
    - Send all findings to the lead via SendMessage
    - Be specific: include file path, line number, and remediation
```

### Quality Reviewer
```
Task tool (general-purpose):
  name: "quality-reviewer"
  team_name: "code-review"
  prompt: |
    You are a code quality reviewer examining code changes.

    ## Your Lens: Code Quality

    Focus on:
    - Code patterns and consistency
    - Naming clarity and accuracy
    - Error handling completeness
    - Test coverage and test quality
    - Edge cases not covered
    - DRY violations
    - YAGNI violations (over-engineering)
    - Performance concerns
    - Maintainability

    ## Context
    Design doc: {design_doc}
    Diff: {diff}
    Files changed: {files}

    ## Rules
    - Read-only: do NOT modify any files
    - Report each finding using the plain-text FINDING format, including the Confidence and Evidence fields
    - Send all findings to the lead via SendMessage
    - Distinguish between blocking issues and suggestions
```

### Spec Compliance Reviewer
```
Task tool (general-purpose):
  name: "spec-reviewer"
  team_name: "code-review"
  prompt: |
    You are a spec compliance reviewer examining code changes.

    ## Your Lens: Spec Compliance

    Focus on:
    - Does implementation match the design doc?
    - Does implementation match the plan tasks?
    - Are all planned features implemented?
    - Are there unplanned features (scope creep)?
    - Do interfaces match the specified contracts?
    - Are edge cases from the spec handled?

    ## Context
    Design doc: {design_doc}
    Plan: {plan}
    Diff: {diff}
    Files changed: {files}

    ## Rules
    - Read-only: do NOT modify any files
    - Report each finding using the plain-text FINDING format, including the Confidence and Evidence fields
    - Send all findings to the lead via SendMessage
    - Flag both missing features AND unplanned additions
```

### Adversarial Reviewer
```
Task tool (general-purpose):
  name: "adversarial-reviewer"
  team_name: "code-review"
  prompt: |
    You are a governance reviewer examining code changes for safety regressions.

    ## Your Lens: Governance & Safety

    Focus on:
    - HITL (human-in-the-loop) requirements weakened or removed
    - Autonomous action scope expanded without corresponding safety gate
    - Safety gates, approval steps, or confirmation prompts bypassed or removed
    - Permission escalation (new outbound actions, broader tool access)
    - Hook behavior or composition routing changes that reduce guardrails
    - Bypass patterns: dangerouslyDisableSandbox, --no-verify, force push, auto-approve
    - Destructive operations added without confirmation gates

    ## Context
    Design doc: {design_doc}
    Diff: {diff}
    Files changed: {files}

    ## Rules
    - Read-only: do NOT modify any files
    - Report each finding using the plain-text FINDING format, including the Confidence and Evidence fields
    - Send all findings to the lead via SendMessage
    - A finding is blocking if it removes or weakens an existing safety constraint
    - A finding is warning if it adds new autonomous capability without explicit safety design
    - A finding is suggestion if it could be made safer but isn't actively dangerous
```

## Red Flags

- **Doubt theater:** across 2 or more review rounds, reviewers surfaced substantive findings and zero were classified actionable. That is doubt theater — you are validating, not reviewing. Stop and surface the dismissal pattern to the user instead of proceeding to SHIP.

## Integration

- **Falls back to:** requesting-code-review for < 5 files on non-sensitive paths
- **Protected by:** cozempic (auto-installed at SessionStart)
- **Heartbeat:** teammate-idle-guard.sh prevents false idle nudges
- **Follows:** agent-team-execution or single-agent implementation

Related Skills

outcome-review

5
from damianpapadopoulos/auto-claude-skills

Use when reviewing a shipped feature's real-world outcome in the LEARN phase — checking adoption, error, or experiment metrics after release, validating ship-time hypotheses, or deciding follow-up work — querying PostHog and creating gated follow-up Jira work

agent-team-execution

5
from damianpapadopoulos/auto-claude-skills

Use when executing implementation plans with 3+ independent, file-disjoint tasks that benefit from parallel specialist agents with shared contracts and reviewer-gated completion

agent-safety-review

5
from damianpapadopoulos/auto-claude-skills

Use when a design or implementation involves autonomous agents, unattended/background operation, private-data access combined with external/untrusted input, or outbound actions (sending data, posting, pushing, API calls) — the lethal-trifecta risk

unified-context-stack

5
from damianpapadopoulos/auto-claude-skills

Tiered context retrieval across External Truth (docs), Internal Truth (dependencies), Historical Truth (memory), and Intent Truth (feature specs) with graceful degradation based on installed tools.

supply-chain-investigation

5
from damianpapadopoulos/auto-claude-skills

Use when investigating a published supply-chain attack on a registry package (npm, Maven, PyPI, Go, Gradle) — advisory-driven org-wide audit. Triggers on attack-language ("compromised", "malicious", "hijacked", "backdoored", "typosquatted"). NOT for routine CVE scanning — that routes to security-scanner.

skill-scaffold

5
from damianpapadopoulos/auto-claude-skills

Emit repo-native seed files (SKILL.md skeleton, routing entry, test snippets) when creating new skills, commands, or plugins

security-scanner

5
from damianpapadopoulos/auto-claude-skills

Use when reviewing code changes for security issues — during REVIEW phase or on explicit security, vulnerability, SAST, or secret-scan requests — running available Semgrep/Opengrep, Trivy, and Gitleaks scanners with a self-healing fix loop

runtime-validation

5
from damianpapadopoulos/auto-claude-skills

Use when you need to prove a change actually works through its real interfaces — during REVIEW or on requests like validate the feature, does it work, run e2e, or smoke test — covering browser E2E, API smoke, CLI checks, and a11y audits with graceful tool-degradation

prototype-lab

5
from damianpapadopoulos/auto-claude-skills

Produce 3 thin comparable variants of a proposed design with a comparison artifact and mandatory Human Validation Plan

project-verification

5
from damianpapadopoulos/auto-claude-skills

Use when you need to run the repo's own declared test/lint/type gate locally and emit pass/fail evidence — during REVIEW, before requesting code review, or on a request to run the tests or verify the build — discovering the gate from CLAUDE.md, Makefile, pyproject, or .verify.yml

product-discovery

5
from damianpapadopoulos/auto-claude-skills

Use when starting a new feature or initiative and you need problem context, prior art, and acceptance criteria before design — the DISCOVER phase entry point — pulling Jira/Confluence context and synthesizing a discovery brief to validate problem framing

openspec-ship

5
from damianpapadopoulos/auto-claude-skills

Use when shipping a completed feature and generating as-built OpenSpec docs before branch finalization