Menu
Activate when user mentions analyze, review, validate, critique, debug, troubleshoot, red-team, adversarial, or "what could go wrong". Use for code review, debugging, validation, and error investigation.
| name | analysis-workflow |
| description | Activate when user mentions analyze, review, validate, critique, debug, troubleshoot, red-team, adversarial, or "what could go wrong". Use for code review, debugging, validation, and error investigation. |
Auto-activate when: User mentions analyze, review, validate, critique, debug, troubleshoot, red-team, adversarial, "what could go wrong", test failure, error, unexpected behavior, or asks to evaluate plans, systems, code, or architecture.
This skill provides three complementary analysis approaches:
| Approach | Use When | File |
|---|---|---|
| Structured Analysis | Evaluating plans, designs, prompts, architecture | Frameworks for systematic evaluation |
| Debugging | Errors, test failures, unexpected behavior | Systematic root cause analysis |
| Adversarial Review | Red-team critique, finding blind spots | Attack-oriented flaw discovery |
From cognitive science research: Technological aids (frameworks, checklists, structured processes) are 2x more effective than pure cognitive strategies for reducing bias. Build analysis into systems, don't rely on willpower.
You cannot think your way out of biases you don't know you have.
This explains WHY frameworks matter: they externalize reasoning so it can be examined, challenged, and improved.
Finding problems is easy. Finding problems WORTH SOLVING is the real skill.
Analysis frameworks bias toward "find issue → recommend mitigation." This creates:
Before recommending ANY mitigation or addition:
Security: "If I remove this control, what specific attack becomes possible?"
Complexity: "If I remove this abstraction, what real problem occurs?"
If the answer is vague ("defense in depth", "best practices", "might need it later"), the recommendation may be theater.
A GitLab deployment added Cilium CNI "for NetworkPolicy support" after security analysis recommended pod segmentation. The NetworkPolicies:
0.0.0.0/0 (everything)The cost: DNS outages during every infrastructure change, hours of debugging.
The analysis found a "gap" (no NetworkPolicy) without asking "does this deployment need NetworkPolicy?"
| Strong Analysis | Weak Analysis (Theater Warning) |
|---|---|
| Finds real problems (not hypothetical) | Every finding leads to "add more controls" |
| Confidence varies appropriately | No recommendations rejected as not worth cost |
| Some recommendations are "don't add this" | "Defense in depth" without specific threat |
| Scope gets trimmed (not expanded) | Complexity always increases, never decreases |
| Mitigations have clear cost-benefit | Generic best practices applied without context |
The best analysis sometimes concludes: "This is already good enough for its context."
Is there an error/failure/unexpected behavior?
├─ YES → Use debugging.md (systematic debugging)
└─ NO
└─ Are you reviewing/validating a plan or design?
├─ YES → Need to find flaws/attack vectors?
│ ├─ YES → Use adversarial.md (red-team)
│ └─ NO → Use structured-analysis.md (frameworks)
└─ NO → Use structured-analysis.md (general analysis)
| Trigger | Approach |
|---|---|
| Test failure, error, bug, "doesn't work" | debugging.md |
| "Find flaws", "what could go wrong", "poke holes" | adversarial.md |
| "Review this", "analyze", "evaluate" | structured-analysis.md |
| Security review, threat modeling | adversarial.md + structured-analysis.md |
| Code review, architecture review | structured-analysis.md |
Research shows these biases most affect technical analysis:
| Bias | Description | Counter |
|---|---|---|
| Confirmation bias | Seeking evidence that confirms, not refutes | "Consider the opposite" |
| Overconfidence | Overestimating abilities/likelihood of success | Pre-mortem, calibration |
| Anchoring | Early info disproportionately influences | Outside view, reference class |
| Availability | Recent examples dominate over statistics | Base rates, systematic search |
| Planning fallacy | Underestimate time/cost despite history | Reference class forecasting |
| Anti-Pattern | Problem | Fix |
|---|---|---|
| Over-engineering | deep-analyze for trivial questions | Match complexity to importance |
| Random fix attempts | Trying permutations without understanding | Use systematic debugging |
| Verification theater | Finding nothing wrong | Genuine critique required |
| Security theater | Adding controls for hypothetical threats | Ask: "What specific attack?" |
| Complexity theater | Adding abstractions to feel thorough | Ask: "What breaks if removed?" |
| Scope creep | "While we're at it..." | MVP first, defer nice-to-haves |
Brave browser tab URL capture. Activate when the user asks to capture, export, list, archive, save, or recover open Brave tabs, browser tabs, tab URLs, or session files.
Private datastore workflow. Activate when writing, saving, archiving, packing, encrypting, committing, or storing sensitive local files under private/ or Dolos encrypted archives.
Use when working with X/Twitter: x.com feed extraction, tweet/profile checks, following/follower lists, twitterapi.io, browser-agent pulls, or local encrypted X data handling.
Shell scripting, CLI development, Bash, PowerShell, Makefiles, and cross-platform tooling. Activate when working with .sh, .bash, .ps1, Makefile files or discussing shell/CLI patterns.
Use when the user asks to create, draft, write, improve, optimize, or build an inline Pi /goal command, goal prompt file, long-running objective, or goal_prompt_file.md. Triggers: /goal prompt, goal prompt, pi goal, goal_prompt_file.md, write a goal for, turn this into a goal.
Personal development philosophy emphasizing experiment-driven, fail-fast approach. Activate when planning implementations, reviewing code architecture, making design decisions, or when user asks to apply development principles. Guides against over-engineering and towards solving real problems with simple solutions.