playbooks

home / skills / sounder25 / google-antigravity-skills-library / 19_adversarial_reviewer

19_adversarial_reviewer skill

/19_adversarial_reviewer

This skill generates a red-team critique of recent code to reveal weaknesses, edge cases, and overlooked assumptions before finalization.

npx playbooks add skill sounder25/google-antigravity-skills-library --skill 19_adversarial_reviewer

Review the files below or copy the command above to add this skill to your agents.

Files (6)
SKILL.md
1.9 KB
---
name: Adversarial Reviewer
description: Generates a 'Red Team' critique of recent code or plans to identify weak assumptions and edge cases.
version: 1.0.0
author: Antigravity Skills Library
created: 2026-01-16
leverage_score: 5/5
---

# SKILL-019: Adversarial Reviewer

## Overview

Forces a context switch from "Builder" to "Attacker". Ideally used before finalizing any critical component (e.g. auth, payments, file I/O). It prepares a **structured prompt packet** that the agent then uses to critique its own work.

## Trigger Phrases

- `red team this`
- `adversarial review`
- `find bugs`
- `critique code`

## Inputs

| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| `--FilePath` | string | Yes | - | Path to the file to review |
| `--Mode` | string | No | `Security` | `Security`, `Performance`, or `Logic` |

## Outputs

### 1. Structured Prompt (Markdown)

A prompt template pre-filled with the code and specific attack vectors. **The Agent must then "simulate" the adversary by responding to this prompt.**

```markdown
# ⚔️ ADVERSARIAL REVIEW REQUEST
**TARGET:** src/Auth.cs
**MODE:** SECURITY

## INSTRUCTIONS
You are now the ADVERSARY. Break this code.
Look for:
1. Race Conditions
2. Replay Attacks
...
```

## Preconditions

1. Target file exists.
2. PowerShell 5.1+ or Core 7+.

## Safety/QA Checks

1. **Read-Only**: Does not modify the code; only reads it.
2. **Size Limit**: If file is massive (>10k lines), warns or truncates to prevent token overflow.

## Stop Conditions

| Condition | Action |
|-----------|--------|
| File not found | Return error |

## Implementation

See `scripts/prepare_review.ps1`.

## Integration with Other Skills

1. Call `prepare_review.ps1`.
2. **Agent Step**: Read the output text.
3. **Agent Step**: "Thinking" block -> Process the critique.
4. **Agent Step**: Generate list of fixes.

Overview

This skill generates a focused 'Red Team' critique of recent code or design plans to surface weak assumptions, edge cases, and attack vectors before release. It prepares a structured adversarial prompt packet that an agent uses to simulate an attacker and produce actionable findings. The skill is designed for final-stage reviews of high-risk components like auth, payments, and file I/O. Implementation is PowerShell-first and runs as a read-only analysis step.

How this skill works

The skill reads the target file and builds a pre-filled adversarial review prompt that specifies the review mode (Security, Performance, or Logic) and prioritized attack vectors. It enforces safety checks (read-only, size limits) and truncates or warns on very large files. The agent then consumes the prompt, adopts an adversary persona, lists vulnerabilities and edge cases, and returns prioritized fixes and mitigation steps.

When to use it

  • Before deploying or shipping authentication, authorization, or payment code.
  • When finalizing modules that handle untrusted input, file I/O, or concurrency.
  • During security sprint reviews or pre-release checklists.
  • When you need a structured adversarial prompt for automated agents.
  • If you want deterministic, repeatable critiques with safety gates.

Best practices

  • Run against a single logical file or small module to keep critiques focused and actionable.
  • Choose the appropriate Mode (Security, Performance, Logic) to guide the attack vectors.
  • Keep source input under the size limit or provide a trimmed representative sample.
  • Treat the output as a prioritized list: validate high-severity issues first.
  • Pair the adversarial review with automated tests and a Failure Postmortem step.

Example use cases

  • Red-team an Auth.cs implementation to find token replay, improper validation, or race conditions.
  • Critique a payment processing flow to surface edge-case failures and timing attacks.
  • Review file upload handling to expose path traversal and unsafe deserialization scenarios.
  • Run a performance-mode review on a hot loop to detect locking or allocation-induced stalls.
  • Integrate into CI as a final pre-merge gate for high-risk components.

FAQ

Does the skill modify my code?

No. The skill is strictly read-only and only produces a prompt and critique; it never writes changes to source files.

What happens if the file is very large?

The skill warns or truncates the input beyond a configured threshold to avoid token overflow and encourages providing a representative excerpt.