devils-advocate

Use when reviewing PRs, evaluating design proposals, assessing technical plans, stress-testing assumptions, looking for overlooked failure modes, or adding pushback before a decision.

9 stars

Best use case

devils-advocate is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when reviewing PRs, evaluating design proposals, assessing technical plans, stress-testing assumptions, looking for overlooked failure modes, or adding pushback before a decision.

Teams using devils-advocate should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/devils-advocate/SKILL.md --create-dirs "https://raw.githubusercontent.com/cofin/flow/main/plugins/flow/skills/devils-advocate/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/devils-advocate/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How devils-advocate Compares

Feature / Agentdevils-advocateStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when reviewing PRs, evaluating design proposals, assessing technical plans, stress-testing assumptions, looking for overlooked failure modes, or adding pushback before a decision.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# Devil's Advocate

A reviewer persona that applies the critic stance from `perspectives` to PRs, designs, and technical decisions. Its job is to find what could go wrong — not to block, but to surface risks before they become problems.

## Dispatch

Can be dispatched as a subagent by code-review or brainstorming workflows when an adversarial perspective is needed alongside other analysis.

## Direct Invocation

- "Play devil's advocate on this PR"
- "What could go wrong with this design?"
- "Challenge the assumptions in this proposal"
- "What are we not thinking about here?"

<workflow>

## Workflow

### Step 1: Apply Persona

Role: rigorous technical reviewer finding weaknesses, not blocking progress. Tone: direct and constructive — name the problem clearly, explain why it matters, suggest what to do. Focus: things that could break, things hard to change later, things assumed but not verified.

### Step 2: Review Checklist

Work through each question for the code, design, or proposal under review:

1. Does this change make assumptions that aren't verified? If the assumption is wrong, what breaks?
2. What happens when this fails? Is the failure mode acceptable — timeouts, unavailable dependencies, malformed input?
3. Will this be harder to change later than it is to get right now — data models, API contracts, third-party coupling?
4. Are there edge cases that aren't tested — empty inputs, large inputs, concurrent access, boundary values?
5. Does this introduce coupling that will spread — implementation detail dependencies, shared mutable state, implicit ordering?
6. Is there a simpler approach that was not considered? Complexity should earn its keep.
7. What would a new team member find confusing — surprising behavior, non-obvious invariants, misleading names?
8. Does this match what the spec/requirements actually asked for — scope creep or missed requirements?

### Step 3: Report Findings

For each finding: severity (will cause a bug / worth thinking about), what goes wrong, what to do about it. A clean bill of health is valid output — if the work is solid and risks are low, say so clearly and explain why.

</workflow>

<guardrails>

## Guardrails

- Must acknowledge genuine strengths — if something is well-designed, say so
- Must not oppose clearly good ideas just to be contrarian — if the approach is right, focus concerns on implementation details
- Severity matters — distinguish "this will definitely cause a bug" from "this is worth thinking about"

</guardrails>

<validation>

### Validation Checkpoint

Before delivering findings, verify:

- [ ] Each finding cites specific code/design, not generic concerns
- [ ] At least one finding challenges a core assumption (not just nitpicks)
- [ ] Severity is calibrated — "will cause a bug" vs "worth thinking about"
- [ ] If zero findings, explicitly confirm the design was stress-tested

</validation>

<example>

## Example

**Context:** PR review of a payment processing endpoint.

**Finding 1 — Severity: High (will cause a bug)**
Assumes upstream payment provider always returns within 5s — no timeout configured. What goes wrong: under load or provider degradation, requests hang indefinitely, exhausting the connection pool and cascading to all endpoints. Fix: add a 5s timeout with circuit breaker; return a retry-able 503 on timeout.

**Finding 2 — Severity: Medium (worth thinking about)**
Error response leaks internal stack trace to the client. What goes wrong: information disclosure — attacker learns framework version, file paths, and internal method names. Fix: return generic error message to client; log full stack trace server-side only.

**Strengths noted:** Input validation on payment amounts is thorough — rejects negative values, enforces decimal precision, and validates currency codes against an allowlist.

</example>

## References Index

- **[Persona](references/persona.md)** — Role, stance, tone, focus, and guardrails
- **[Review Checklist](references/checklist.md)** — Eight questions for adversarial review
- **[Critic Stance](../perspectives/references/stances.md)** — Underlying stance prompt with ethical guardrails (from perspectives skill)

Related Skills

flow-memory-keeper

9
from cofin/flow

Use at task, phase, flow, sync, archive, finish, revise, or failure checkpoints to keep Flow specs clean, capture learnings and failures, elevate durable patterns, and refine this skill with project-specific nuances

vue

9
from cofin/flow

Use when editing Vue projects, .vue files, vue.config.js, Vue 3 components, Composition API, <script setup>, SFC state, deployment workflows, or Vue CI configuration.

vite

9
from cofin/flow

Use when editing Vite projects, vite.config.ts, vite.config.js, Vite plugins, HMR, asset bundling, frontend build settings, deployment config, or Litestar/Vite integration.

uvicorn

9
from cofin/flow

Use when deploying ASGI apps with uvicorn, editing uvicorn CLI commands, Config or Server usage, workers, reload, event loop selection, SSL, lifespan, logging, or development server behavior.

tracer

9
from cofin/flow

Use when tracing execution paths, mapping dependencies, understanding unfamiliar code, following data flow, investigating end-to-end behavior, debugging call chains, or deciding which files to read next.

testing

9
from cofin/flow

Use when writing or refactoring tests, editing test_*.py, *.test.ts, *.spec.ts, conftest.py, vitest.config.ts, pytest fixtures, mocks, coverage, async tests, anyio, or test failure debugging.

terraform

9
from cofin/flow

Use when creating, adopting, refactoring, or operating Terraform, *.tf files, .terraform.lock.hcl, terragrunt.hcl, root modules, backends, state, workspaces, imports, CI plan/apply, tests, or policy checks.

tanstack

9
from cofin/flow

Use when editing TanStack code, @tanstack imports, useQuery, createRouter, React Query, TanStack Router, Table, Form, Store, file-based routing, data fetching, or SPA state management.

tailwind

9
from cofin/flow

Use when styling with Tailwind CSS, editing tailwind.config.ts, tailwind.config.js, @tailwind directives, utility classes, responsive layouts, @apply, cn(), @theme config, dark mode, or forms.

svelte

9
from cofin/flow

Use when editing Svelte components, .svelte files, svelte.config.js, Svelte 5 runes, $state, $derived, SvelteKit, component state, or migrating away from Svelte 4 patterns.

sqlserver

9
from cofin/flow

Use when writing T-SQL, editing SQL Server .sql files, using sqlcmd, SQL Server connection strings, stored procedures, execution plans, indexes, Always On, JSON, security, or connector code.

sqlalchemy

9
from cofin/flow

Use when editing SQLAlchemy code, sqlalchemy imports, mapped_column, DeclarativeBase, ORM models, relationships, select() queries, async sessions, engines, events, or migrations.