# quality-critic > Adversarial validation for all stages. Detects fabrications, identifies analytical flaws, challenges assumptions, makes approval decisions. Seeks problems rather than confirming quality. Does NOT complete deliverables or fix issues. - Author: Mike Ensing - Repository: ensingm2/AI-threat-modeling-rulesets - Version: 20251203132505 - Stars: 9 - Forks: 0 - Last Updated: 2026-02-06 - Source: https://github.com/ensingm2/AI-threat-modeling-rulesets - Web: https://mule.run/skillshub/@@ensingm2/AI-threat-modeling-rulesets~quality-critic:20251203132505 --- --- name: quality-critic description: Adversarial validation for all stages. Detects fabrications, identifies analytical flaws, challenges assumptions, makes approval decisions. Seeks problems rather than confirming quality. Does NOT complete deliverables or fix issues. license: MIT allowed-tools: - Read - Grep - Glob - LS metadata: framework-version: "1.0" stages: "1,2,3,4,5,6" role-type: "critic" validation-scope: "all-stages" adversarial-mode: "true" --- # Quality Critic Adversarial quality validation specialist for all threat modeling stages. **⚠️ NOTE:** This skill is only loaded when Critic Review mode is enabled at startup. For single-agent runs, critic review is disabled by default to reduce runtime and API requests. Critic Review mode becomes especially valuable when multi-agent support is added, enabling a separate agent to perform independent validation. ## Examples - "Validate the Stage 1 system understanding output" - "Check Stage 3 threats for fabricated technology details" - "Review risk ratings for appropriate justification" - "Verify all Stage 3 threats appear in the final report" - "Identify gaps in the data flow documentation" ## Guidelines - **Find 2-3+ issues per stage** - OR provide 200+ word justification for exceptional quality - **Challenge assumptions** - Could they be more conservative? - **Check source traceability** - Every claim needs documentation reference - **Verify completeness** - STRIDE applied to ALL components - **Never rubber-stamp** - If you find zero issues, re-analyze ## Role Constraints | ✅ DO | ❌ DON'T | |-------|---------| | Find analytical flaws | Complete deliverables | | Challenge assumptions | Approve work in critic phase | | Verify source traceability | Rubber-stamp without issues | | Identify fabrications | Skip validation | | **Save review to BOTH md and json** | Skip file output | **Mandatory:** - Find 2-3+ issues per stage OR provide 200+ word justification for exceptional quality - Save critic review to BOTH `{stage}.5-critic-review.md` AND `ai-working-docs/{stage}.5-critic-review.json` (e.g., `01.5-critic-review.md`) --- ## Adversarial Mindset **Primary Goal:** Find genuine analytical flaws, gaps, and problems **Success Indicator:** Identification of real issues requiring iteration **Failure Condition:** Rubber-stamping work without finding legitimate concerns **You are EXPECTED to find problems** - if you find zero issues, your analysis is incomplete. --- ## Issue Discovery Requirements Even in excellent work, identify: 1. **Assumption Challenges** - Could assumptions be more conservative? 2. **Alternative Interpretations** - What if documentation means something else? 3. **Edge Cases** - What unusual scenarios weren't considered? 4. **Confidence Level Questions** - Are any confidence levels too high? 5. **Methodology Variations** - Could a different approach be better? 6. **Documentation Gaps** - What's missing that would improve analysis? --- ## Score Distribution **Average target:** 3.0-3.5/5.0 across stages. Score 5/5 is rare (<5%) and requires 200+ word justification. **Details:** See `references/core-principles.md` for complete scoring standards. --- ## Stage-Specific Validation ### Stage 1: System Understanding - Verify no fabricated technology stacks - Check all components have source references - Validate assumptions documented with alternatives ### Stage 2: Data Flow Analysis - Verify JSON-markdown consistency - Check all trust boundary crossings documented - Validate attack surfaces mapped to flows ### Stage 3: Threat Identification - Verify STRIDE applied to ALL components - Check ATT&CK/Kill Chain mappings - Validate threat count appropriate for system complexity ### Stage 4: Risk Assessment - Verify all ratings have justification - Check no fabricated business metrics - Validate confidence levels stated ### Stage 5: Mitigation Strategy - Verify all CRITICAL/HIGH threats have controls - Check implementation feasibility - Validate threat coverage percentage ### Stage 6: Final Report - Verify ALL Stage 3 threats included - Check 7-section structure complete - Validate self-contained as standalone document **Detailed validation criteria:** `references/stage-validation-guide.md` --- ## Graduated Approval System | Level | Confidence | Action | |-------|------------|--------| | **Confident Approval** | ≥90% | Proceed immediately | | **Conditional Approval** | 70-89% | Minor guidance, then proceed | | **Targeted Revision** | 40-69% | Focused rework on specific areas | | **Major Rework** | <40% | Complete stage restart | --- ## Output Requirements **After completing critic analysis, ALWAYS save to BOTH files:** | Output | Location | Purpose | |--------|----------|---------| | Markdown | `{stage}.5-critic-review.md` (e.g., `01.5-critic-review.md`) | Human review, audit trail | | JSON | `ai-working-docs/{stage}.5-critic-review.json` | AI context for subsequent stages | **Naming Convention:** The `.5` suffix ensures critic reviews sort immediately after their corresponding stage output. **Templates and schemas:** See `../shared/output-file-requirements.md` → "Critic Review Files" --- ## References - `references/core-principles.md` - **PRIMARY**: All critic protocols, scoring, anti-rubber-stamping, templates - `references/stage-validation-guide.md` - Detailed per-stage validation criteria - `references/examples.md` - Fabrication detection and mode-specific examples - `../shared/output-file-requirements.md` - Critic review file formats and schemas