| name | analyze |
| description | Conduct structured analysis on any problem using CIA/IC analytic techniques — assess competing hypotheses, challenge assumptions, stress-test judgments, and produce defensible evidence-based assessments with full citations. Supports 18 techniques including ACH, Key Assumptions Check, What-If, Premortem, Cross-Impact Matrix, Contrasting Narratives, Devil's Advocacy, Red Hat Analysis, Alternative Futures, and Deception Detection. |
| argument-hint | [technique or flags, e.g. ach, --guided, --no-osint] |
| allowed-tools | Read, Edit, Write, Glob, Grep, Bash, WebSearch, WebFetch, Agent |
Structured Analysis Skill
Apply CIA/IC Structured Analytic Techniques to produce defensible, evidence-based analytical assessments. Every claim must be cited. Every judgment must trace to technique outputs.
Invocation
/analyze → Adaptive mode (auto-select techniques)
/analyze <technique> → Direct mode (run one technique)
/analyze --guided → Guided mode (walk through all phases)
/analyze --resume <analysis-id> → Resume or update existing analysis
/analyze --iterate <analysis-id> → Re-run full analysis with new evidence
/analyze --iterate <analysis-id> <technique> → Re-run specific technique(s)
/analyze --lean → Lean mode (abbreviated technique set)
/analyze --comprehensive → Comprehensive mode (full rubric, adversarial + deception checks)
/analyze --no-osint → Disable web research
Techniques: customer-checklist, issue-redefinition, restatement, brainstorm, kac, ach, inconsistencies, cross-impact, what-if, premortem, counterfactual, narratives, bowtie, opportunities, devils-advocacy, red-hat, alt-futures, deception
Flags combine: /analyze --guided --no-osint is valid.
Q Investigation System Integration
This skill is integrated into the Q investigation system..
Output Path Override
All analysis output goes inside the active case folder, not the project root.
When an active case exists (e.g., investigations/case-001-slug/), replace every reference to analyses/{{ANALYSIS_ID}}/ with:
investigations/<active-case>/output/analyses/{{ANALYSIS_ID}}/
If no active case is identified, ask the user which case this analysis belongs to.
Evidence Integration -- Tier 2 Local Files
When collecting Tier 2 (local file) evidence, always include the active case's collected intelligence. In addition to generic Glob discovery, explicitly search these directories:
investigations/<active-case>/investigation/targets/ -- target profiles with collection status and gapsinvestigations/<active-case>/investigation/findings/ -- confirmed/assessed findings with confidence levelsinvestigations/<active-case>/investigation/evidence/ -- raw evidence and screenshotsinvestigations/<active-case>/investigation/timelines/ -- chronological event datainvestigations/<active-case>/canonical/scope.md -- hypotheses and collection requirements
This is the richest local evidence available. Prioritize it over generic file discovery.
Feeding Results Back to Q
After any /analyze run completes, update the active case:
- Add key findings to
investigation/findings/ (with citation back to the analysis)
- Update
memory/investigation-state.md with analysis summary and which techniques were run
- If the analysis surfaced new collection gaps, flag them in
investigation-state.md and suggest /q-scope to the user (file authority: canonical/ is only updated via /q-scope)
OSINT Note
This system uses Apify/Exa/Jina for OSINT collection (not Firecrawl). When the skill needs web research, it should use the built-in WebSearch and WebFetch tools. For deeper collection, use /q-osint or /q-collect first, then run /analyze --no-osint on the collected evidence.
Execution
You MUST read the orchestrator protocol before proceeding. It contains mode routing, technique selection logic, and the technique routing table.
Step 0 — Context Inference
Before parsing explicit arguments, scan the conversation history for implicit inputs. Users often invoke /analyze mid-conversation after discussing a problem, providing data, or sharing links.
Extract from conversation context:
- Problem statement: What is the user trying to analyze? Look for questions, concerns, scenarios, or decisions under discussion.
- Implicit technique hints: Did the user mention assumptions, hypotheses, competing explanations, risks, or scenarios? Map these to techniques (e.g., "I'm not sure which explanation is right" → ACH, "what could go wrong" → Premortem).
- Implicit flags: Did the user indicate they want something quick (→
--lean), don't want web research (→ --no-osint), or want to walk through everything (→ --guided)?
- Prior analysis: Are there existing analyses in the active case's
output/analyses/ for the same topic? (→ suggest --resume or --iterate)
- Evidence already provided: Files shared, URLs pasted, data discussed — these become Tier 1/2 evidence.
Step 0.1 — Validate Assumptions
If context inference produced any results, present them to the user for confirmation before proceeding:
Based on our conversation, here's what I'm picking up:
**Problem**: [inferred problem statement]
**Mode**: [inferred mode + rationale]
**Techniques**: [inferred techniques, if any]
**Flags**: [inferred flags, if any]
**Prior context**: [files, data, or evidence already in conversation]
Does this look right? Adjust anything before I proceed.
If the user provided explicit arguments, those always take precedence — but still surface any useful context (e.g., "You asked for ACH. I also noticed you shared [file] earlier — I'll include that as evidence.").
If no conversation context exists and no arguments were provided, proceed directly to Adaptive mode (the orchestrator will prompt for a problem statement).
Steps 1–6 — Main Execution
- Read
protocols/orchestrator.md (relative to this skill's directory)
- Parse explicit arguments → determine mode and flags (merge with Step 0 inferences, explicit args win)
- Follow the orchestrator's instructions for the detected mode
- For technique execution, follow the orchestrator's Technique Execution Contract:
- 1 technique (Direct mode): Execute in-context — read protocol, read template, execute SETUP → PRIME → EXECUTE → ARTIFACT → FINDINGS → HANDOFF, write artifact to
{{ANALYSIS_DIR}}/working/
- 2+ techniques: Dispatch to background subagents in dependency-aware tiers — each subagent reads protocol/template, executes the technique, writes the artifact, and returns only a compact findings summary. Main context accumulates summaries and file paths, not full technique work.
- For evidence gathering: read and execute
protocols/evidence-collector.md
- For report synthesis: dispatch per
protocols/report-generator.md Phase A/B architecture
Self-Correction (3 Layers)
- Layer 1 (after each technique, silent): Protocol compliance check — all steps completed? All template sections filled? No unfilled
{{PLACEHOLDER}} tokens?
- Layer 2 (before report, silent): Analytical self-critique — 8 checks:
- 3a. Assumption audit
- 3b. Evidence balance
- 3c. Confidence calibration
- 3d. Alternative check
- 3e. Missing voices
- 3f. Internal consistency audit (cross-artifact validation)
- 3g. Analytical bias scan (sycophancy, anchoring, vividness, completion, authority)
- 3h. Quality score (quantitative 1-5 with pass/fail threshold)
- Layer 3 (before finalization): Human review gate — present summary (including quality score), incorporate feedback
- Auto-Remediation Gate (between Phase A and Phase B): HIGH-severity Layer 2 flags (evidence imbalance >2:1, unstated critical premises, strong counter-arguments, sycophancy/anchoring bias, quality score < 3.0) trigger automatic remediation — the orchestrator invokes the iteration handler to collect targeted evidence, re-run flagged techniques (max 3), and regenerate the report before the user sees it. Capped at 1 cycle. Zero overhead when no HIGH flags exist.
- Critique-to-Iteration Bridge (after results): Remaining MEDIUM/LOW flags from Layer 1 and Layer 2 are mapped to specific technique re-runs and evidence collection focuses, presented as ready-to-run
/analyze --iterate commands. Only fires when actionable flags exist beyond what auto-remediation already addressed. All flags and their statuses are written to next-steps.md in the analysis root — a standalone ledger tracking OPEN, REMEDIATED, RESOLVED, and DEFERRED items across iterations. The --iterate handler reads this file as its primary input.
Citation Requirement
Every claim in every artifact must be cited. No exceptions. Citation methods:
- OSINT:
[Source](URL) — Retrieved: YYYY-MM-DD
- FILE:
[filename:line_range]
- USER:
[User-provided, session context]
- ANALYSIS:
[Derived via technique_name]
- PRIOR-ITERATION:
[PRIOR-v{N}: technique_name]
OSINT is never presented as fact — always "according to [source]".
Reference Library
For deep background on any technique, read library/00-prime.md (relative to this skill's directory) and the specific library files referenced in each protocol. The library contains the full theoretical foundation, axioms, selection matrices, and empirical critiques underlying this skill.
