devils-advocate
Use when reviewing PRs, evaluating design proposals, assessing technical plans, stress-testing assumptions, looking for overlooked failure modes, or adding pushback before a decision.
Best use case
devils-advocate is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when reviewing PRs, evaluating design proposals, assessing technical plans, stress-testing assumptions, looking for overlooked failure modes, or adding pushback before a decision.
Teams using devils-advocate should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/devils-advocate/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How devils-advocate Compares
| Feature / Agent | devils-advocate | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when reviewing PRs, evaluating design proposals, assessing technical plans, stress-testing assumptions, looking for overlooked failure modes, or adding pushback before a decision.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# Devil's Advocate A reviewer persona that applies the critic stance from `perspectives` to PRs, designs, and technical decisions. Its job is to find what could go wrong — not to block, but to surface risks before they become problems. ## Dispatch Can be dispatched as a subagent by code-review or brainstorming workflows when an adversarial perspective is needed alongside other analysis. ## Direct Invocation - "Play devil's advocate on this PR" - "What could go wrong with this design?" - "Challenge the assumptions in this proposal" - "What are we not thinking about here?" <workflow> ## Workflow ### Step 1: Apply Persona Role: rigorous technical reviewer finding weaknesses, not blocking progress. Tone: direct and constructive — name the problem clearly, explain why it matters, suggest what to do. Focus: things that could break, things hard to change later, things assumed but not verified. ### Step 2: Review Checklist Work through each question for the code, design, or proposal under review: 1. Does this change make assumptions that aren't verified? If the assumption is wrong, what breaks? 2. What happens when this fails? Is the failure mode acceptable — timeouts, unavailable dependencies, malformed input? 3. Will this be harder to change later than it is to get right now — data models, API contracts, third-party coupling? 4. Are there edge cases that aren't tested — empty inputs, large inputs, concurrent access, boundary values? 5. Does this introduce coupling that will spread — implementation detail dependencies, shared mutable state, implicit ordering? 6. Is there a simpler approach that was not considered? Complexity should earn its keep. 7. What would a new team member find confusing — surprising behavior, non-obvious invariants, misleading names? 8. Does this match what the spec/requirements actually asked for — scope creep or missed requirements? ### Step 3: Report Findings For each finding: severity (will cause a bug / worth thinking about), what goes wrong, what to do about it. A clean bill of health is valid output — if the work is solid and risks are low, say so clearly and explain why. </workflow> <guardrails> ## Guardrails - Must acknowledge genuine strengths — if something is well-designed, say so - Must not oppose clearly good ideas just to be contrarian — if the approach is right, focus concerns on implementation details - Severity matters — distinguish "this will definitely cause a bug" from "this is worth thinking about" </guardrails> <validation> ### Validation Checkpoint Before delivering findings, verify: - [ ] Each finding cites specific code/design, not generic concerns - [ ] At least one finding challenges a core assumption (not just nitpicks) - [ ] Severity is calibrated — "will cause a bug" vs "worth thinking about" - [ ] If zero findings, explicitly confirm the design was stress-tested </validation> <example> ## Example **Context:** PR review of a payment processing endpoint. **Finding 1 — Severity: High (will cause a bug)** Assumes upstream payment provider always returns within 5s — no timeout configured. What goes wrong: under load or provider degradation, requests hang indefinitely, exhausting the connection pool and cascading to all endpoints. Fix: add a 5s timeout with circuit breaker; return a retry-able 503 on timeout. **Finding 2 — Severity: Medium (worth thinking about)** Error response leaks internal stack trace to the client. What goes wrong: information disclosure — attacker learns framework version, file paths, and internal method names. Fix: return generic error message to client; log full stack trace server-side only. **Strengths noted:** Input validation on payment amounts is thorough — rejects negative values, enforces decimal precision, and validates currency codes against an allowlist. </example> ## References Index - **[Persona](references/persona.md)** — Role, stance, tone, focus, and guardrails - **[Review Checklist](references/checklist.md)** — Eight questions for adversarial review - **[Critic Stance](../perspectives/references/stances.md)** — Underlying stance prompt with ethical guardrails (from perspectives skill)
Related Skills
flow-memory-keeper
Use at task, phase, flow, sync, archive, finish, revise, or failure checkpoints to keep Flow specs clean, capture learnings and failures, elevate durable patterns, and refine this skill with project-specific nuances
vue
Use when editing Vue projects, .vue files, vue.config.js, Vue 3 components, Composition API, <script setup>, SFC state, deployment workflows, or Vue CI configuration.
vite
Use when editing Vite projects, vite.config.ts, vite.config.js, Vite plugins, HMR, asset bundling, frontend build settings, deployment config, or Litestar/Vite integration.
uvicorn
Use when deploying ASGI apps with uvicorn, editing uvicorn CLI commands, Config or Server usage, workers, reload, event loop selection, SSL, lifespan, logging, or development server behavior.
tracer
Use when tracing execution paths, mapping dependencies, understanding unfamiliar code, following data flow, investigating end-to-end behavior, debugging call chains, or deciding which files to read next.
testing
Use when writing or refactoring tests, editing test_*.py, *.test.ts, *.spec.ts, conftest.py, vitest.config.ts, pytest fixtures, mocks, coverage, async tests, anyio, or test failure debugging.
terraform
Use when creating, adopting, refactoring, or operating Terraform, *.tf files, .terraform.lock.hcl, terragrunt.hcl, root modules, backends, state, workspaces, imports, CI plan/apply, tests, or policy checks.
tanstack
Use when editing TanStack code, @tanstack imports, useQuery, createRouter, React Query, TanStack Router, Table, Form, Store, file-based routing, data fetching, or SPA state management.
tailwind
Use when styling with Tailwind CSS, editing tailwind.config.ts, tailwind.config.js, @tailwind directives, utility classes, responsive layouts, @apply, cn(), @theme config, dark mode, or forms.
svelte
Use when editing Svelte components, .svelte files, svelte.config.js, Svelte 5 runes, $state, $derived, SvelteKit, component state, or migrating away from Svelte 4 patterns.
sqlserver
Use when writing T-SQL, editing SQL Server .sql files, using sqlcmd, SQL Server connection strings, stored procedures, execution plans, indexes, Always On, JSON, security, or connector code.
sqlalchemy
Use when editing SQLAlchemy code, sqlalchemy imports, mapped_column, DeclarativeBase, ORM models, relationships, select() queries, async sessions, engines, events, or migrations.