Prevent agents from delegating reviews to roborev skills (#307)

wesm · claude · web-flow · commit 5e41fb57d015 · 2026-02-19T06:33:06.000-06:00
## Summary - Adds an explicit instruction to all review system prompts telling agents to perform the review directly, not delegate to external skills or CLI tools - Fixes Codex loading `SKILL.md` and invoking `roborev review` instead of analyzing the diff itself Closes #306 ## Test plan - [ ] Verify prompt package tests pass - [ ] Run a codex review and confirm it no longer invokes `roborev review` - [ ] Run a claude-code review and confirm no skill invocation 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/internal/prompt/prompt.go b/internal/prompt/prompt.go
@@ -14,6 +14,14 @@ import (
 // If the prompt with diffs exceeds this, we fall back to just commit info
 const MaxPromptSize = 250 * 1024
 
+// noSkillsInstruction tells agents not to delegate the review to external
+// tools or skills. Codex and Claude Code discover roborev skills in the
+// user's environment and will try to invoke them instead of performing the
+// review directly (see #306).
+const noSkillsInstruction = `
+
+IMPORTANT: You are being invoked by roborev to perform this review directly. Do NOT use any external skills, slash commands, or CLI tools (such as "roborev review") to delegate this task. Perform the review yourself by analyzing the diff provided below.`
+
 // SystemPromptSingle is the base instruction for single commit reviews
 const SystemPromptSingle = `You are a code reviewer. Review the git commit shown below for:
 
diff --git a/internal/prompt/templates.go b/internal/prompt/templates.go
@@ -37,7 +37,11 @@ func getSystemPrompt(agentName string, promptType string, now func() time.Time)
 	tmplName := fmt.Sprintf("templates/%s_%s.tmpl", agentName, templateType)
 	content, err := templateFS.ReadFile(tmplName)
 	if err == nil {
-		return appendDateLine(string(content), now)
+		base := string(content)
+		if promptType != "run" {
+			base += noSkillsInstruction
+		}
+		return appendDateLine(base, now)
 	}
 
 	// Fallback to default constants
@@ -61,7 +65,7 @@ func getSystemPrompt(agentName string, promptType string, now func() time.Time)
 	default:
 		base = SystemPromptSingle
 	}
-	return appendDateLine(base, now)
+	return appendDateLine(base+noSkillsInstruction, now)
 }
 
 // appendDateLine adds the current UTC date to a system prompt.
diff --git a/internal/prompt/templates_test.go b/internal/prompt/templates_test.go
@@ -20,13 +20,14 @@ func TestGetSystemPrompt(t *testing.T) {
 	geminiReviewPrompt := getSystemPrompt("gemini", "review", mockNow)
 
 	type testCase struct {
-		name           string
-		agent          string
-		command        string
-		wantContains   []string
-		wantExact      string // if set, checks for exact match
-		wantNotDefault bool   // if true, ensures it's not SystemPromptSingle (default)
-		wantEmpty      bool
+		name            string
+		agent           string
+		command         string
+		wantContains    []string
+		wantNotContains []string
+		wantExact       string // if set, checks for exact match
+		wantNotDefault  bool   // if true, ensures it's not SystemPromptSingle (default)
+		wantEmpty       bool
 	}
 
 	tests := []testCase{
@@ -87,6 +88,31 @@ func TestGetSystemPrompt(t *testing.T) {
 			command:   "run",
 			wantEmpty: true,
 		},
+		{
+			name:         "Review includes no-skills instruction",
+			agent:        "claude-code",
+			command:      "review",
+			wantContains: []string{"Do NOT use any external skills"},
+		},
+		{
+			name:         "Security includes no-skills instruction",
+			agent:        "claude-code",
+			command:      "security",
+			wantContains: []string{"Do NOT use any external skills"},
+		},
+		{
+			name:         "Address includes no-skills instruction",
+			agent:        "claude-code",
+			command:      "address",
+			wantContains: []string{"Do NOT use any external skills"},
+		},
+		{
+			name:            "Gemini run excludes no-skills instruction",
+			agent:           "gemini",
+			command:         "run",
+			wantContains:    []string{"Do NOT explain your process"},
+			wantNotContains: []string{"Do NOT use any external skills"},
+		},
 	}
 
 	for _, tc := range tests {
@@ -125,6 +151,12 @@ func TestGetSystemPrompt(t *testing.T) {
 					t.Errorf("got prompt missing %q. Got start: %s", substr, snippet)
 				}
 			}
+
+			for _, substr := range tc.wantNotContains {
+				if strings.Contains(got, substr) {
+					t.Errorf("prompt should NOT contain %q", substr)
+				}
+			}
 		})
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,11 @@ func getSystemPrompt(agentName string, promptType string, now func() time.Time)`
`37`	`37`	`tmplName := fmt.Sprintf("templates/%s_%s.tmpl", agentName, templateType)`
`38`	`38`	`content, err := templateFS.ReadFile(tmplName)`
`39`	`39`	`if err == nil {`
`40`		`- return appendDateLine(string(content), now)`
	`40`	`+ base := string(content)`
	`41`	`+ if promptType != "run" {`
	`42`	`+ base += noSkillsInstruction`
	`43`	`+ }`
	`44`	`+ return appendDateLine(base, now)`
`41`	`45`	`}`
`42`	`46`
`43`	`47`	`// Fallback to default constants`
`@@ -61,7 +65,7 @@ func getSystemPrompt(agentName string, promptType string, now func() time.Time)`
`61`	`65`	`default:`
`62`	`66`	`base = SystemPromptSingle`
`63`	`67`	`}`
`64`		`- return appendDateLine(base, now)`
	`68`	`+ return appendDateLine(base+noSkillsInstruction, now)`
`65`	`69`	`}`
`66`	`70`
`67`	`71`	`// appendDateLine adds the current UTC date to a system prompt.`