Skills
skills/canhta/deliverable/requirements-red-team

requirements-red-team

Installation
SKILL.md

Requirements Red-Team

Adversarial review of your requirements. Finds what's wrong, missing, or weak — then walks through each concern with you to decide: fix now, accept as risk, or defer.

Announce at start: "I'm using the requirements-red-team skill to challenge your requirements and find blind spots."

When to use

  • "red-team this", "challenge these requirements", "what's wrong with this spec"
  • "stress-test the BRD", "find holes in the SRS"
  • After technical-requirements skill completes
  • Anytime the user wants adversarial review of existing docs

Prerequisites

Reads from docs/requirements/:

  • brd.md (required — at minimum)
  • srs.md (if exists)
  • decisions.md (if exists)
  • open-questions.md (if exists)

If no docs exist, tell the user and suggest business-requirements first.

Flow

flowchart TD
    P1[Read all existing docs] --> P2[Dispatch red-team-critic sub-agent]
    P2 --> P3[Receive numbered concerns]
    P3 --> P4{Walk through each concern}
    P4 -->|fix now| P5[Jump to relevant section, redraft]
    P4 -->|accept as risk| P6[Log in decisions.md as accepted risk]
    P4 -->|defer| P7[Add to open-questions.md]
    P5 --> P4
    P6 --> P4
    P7 --> P4
    P4 -->|all addressed| DONE[Done → suggest requirements-review]

Step 1: Dispatch sub-agent

Read sub-agents/red-team-critic.md and dispatch with:

  • Full content of brd.md, srs.md, decisions.md, open-questions.md
  • Scope: Cagan's four risks (read references/cagan-four-risks.md), Hyrum's Law traps (read references/hyrum-law-checklist.md), operational gaps
  • Budget: ~5 min, ~5k tokens

Step 2: Present concerns

Sub-agent returns numbered concerns, each classified:

  • blocker — must resolve before implementation
  • major — significant risk if ignored
  • minor — worth noting, won't block

Present summary first, then walk through one at a time.

Step 3: Address each concern

For each concern, ask the user:

  • Fix now — jump back to the relevant section, redraft with the concern addressed
  • Accept as risk — log in decisions.md as accepted risk with rationale
  • Defer — add to open-questions.md for later

Step 4: Completion

After all concerns addressed, summarize:

  • How many fixed, accepted, deferred
  • Updated decisions.md and open-questions.md
  • Overall assessment: ready for implementation or not

Tone

  • Direct and honest. The point is to find problems, not validate.
  • Present concerns without softening — "This success metric is unmeasurable" not "You might want to consider..."
  • But respect the user's final call on accept-as-risk decisions.

Next step

"Red-team review complete. Ready for a quality check? Say 'review requirements' to continue."

Weekly Installs
2
Repository
canhta/deliverable
First Seen
6 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
amp2
cline2
opencode2
cursor2
kimi-cli2
warp2