Conduct structured analysis on any problem using CIA/IC analytic techniques — assess competing hypotheses, challenge assumptions, stress-test judgments, and produce defensible evidence-based assessments with full citations. Supports 18 techniques including ACH, Key Assumptions Check, What-If, Premortem, Cross-Impact Matrix, Contrasting Narratives, Devil's Advocacy, Red Hat Analysis, Alternative Futures, and Deception Detection.
Scanned 5/27/2026
Install via CLI
Skills Directoryopenskills install assafkip/huntkit---
name: analyze
description: Conduct structured analysis on any problem using CIA/IC analytic techniques — assess competing hypotheses, challenge assumptions, stress-test judgments, and produce defensible evidence-based assessments with full citations. Supports 18 techniques including ACH, Key Assumptions Check, What-If, Premortem, Cross-Impact Matrix, Contrasting Narratives, Devil's Advocacy, Red Hat Analysis, Alternative Futures, and Deception Detection.
argument-hint: "[technique or flags, e.g. ach, --guided, --no-osint]"
allowed-tools: Read, Edit, Write, Glob, Grep, Bash, WebSearch, WebFetch, Agent
---
# Structured Analysis Skill
Apply CIA/IC Structured Analytic Techniques to produce defensible, evidence-based analytical assessments. Every claim must be cited. Every judgment must trace to technique outputs.
## Invocation
```
/analyze → Adaptive mode (auto-select techniques)
/analyze <technique> → Direct mode (run one technique)
/analyze --guided → Guided mode (walk through all phases)
/analyze --resume <analysis-id> → Resume or update existing analysis
/analyze --iterate <analysis-id> → Re-run full analysis with new evidence
/analyze --iterate <analysis-id> <technique> → Re-run specific technique(s)
/analyze --lean → Lean mode (abbreviated technique set)
/analyze --comprehensive → Comprehensive mode (full rubric, adversarial + deception checks)
/analyze --no-osint → Disable web research
```
Techniques: `customer-checklist`, `issue-redefinition`, `restatement`, `brainstorm`, `kac`, `ach`, `inconsistencies`, `cross-impact`, `what-if`, `premortem`, `counterfactual`, `narratives`, `bowtie`, `opportunities`, `devils-advocacy`, `red-hat`, `alt-futures`, `deception`
Flags combine: `/analyze --guided --no-osint` is valid.
## Q Investigation System Integration
This skill is integrated into the Q investigation system..
### Output Path Override
**All analysis output goes inside the active case folder**, not the project root.
When an active case exists (e.g., `investigations/case-001-slug/`), replace every reference to `analyses/{{ANALYSIS_ID}}/` with:
```
investigations/<active-case>/output/analyses/{{ANALYSIS_ID}}/
```
If no active case is identified, ask the user which case this analysis belongs to.
### Evidence Integration -- Tier 2 Local Files
When collecting Tier 2 (local file) evidence, **always include the active case's collected intelligence**. In addition to generic Glob discovery, explicitly search these directories:
- `investigations/<active-case>/investigation/targets/` -- target profiles with collection status and gaps
- `investigations/<active-case>/investigation/findings/` -- confirmed/assessed findings with confidence levels
- `investigations/<active-case>/investigation/evidence/` -- raw evidence and screenshots
- `investigations/<active-case>/investigation/timelines/` -- chronological event data
- `investigations/<active-case>/canonical/scope.md` -- hypotheses and collection requirements
This is the richest local evidence available. Prioritize it over generic file discovery.
### Feeding Results Back to Q
After any `/analyze` run completes, update the active case:
1. Add key findings to `investigation/findings/` (with citation back to the analysis)
2. Update `memory/investigation-state.md` with analysis summary and which techniques were run
3. If the analysis surfaced new collection gaps, flag them in `investigation-state.md` and suggest `/q-scope` to the user (file authority: `canonical/` is only updated via `/q-scope`)
### OSINT Note
This system uses Apify/Exa/Jina for OSINT collection (not Firecrawl). When the skill needs web research, it should use the built-in WebSearch and WebFetch tools. For deeper collection, use `/q-osint` or `/q-collect` first, then run `/analyze --no-osint` on the collected evidence.
## Execution
**You MUST read the orchestrator protocol before proceeding.** It contains mode routing, technique selection logic, and the technique routing table.
### Step 0 — Context Inference
Before parsing explicit arguments, scan the conversation history for implicit inputs. Users often invoke `/analyze` mid-conversation after discussing a problem, providing data, or sharing links.
Extract from conversation context:
- **Problem statement**: What is the user trying to analyze? Look for questions, concerns, scenarios, or decisions under discussion.
- **Implicit technique hints**: Did the user mention assumptions, hypotheses, competing explanations, risks, or scenarios? Map these to techniques (e.g., "I'm not sure which explanation is right" → ACH, "what could go wrong" → Premortem).
- **Implicit flags**: Did the user indicate they want something quick (→ `--lean`), don't want web research (→ `--no-osint`), or want to walk through everything (→ `--guided`)?
- **Prior analysis**: Are there existing analyses in the active case's `output/analyses/` for the same topic? (→ suggest `--resume` or `--iterate`)
- **Evidence already provided**: Files shared, URLs pasted, data discussed — these become Tier 1/2 evidence.
### Step 0.1 — Validate Assumptions
If context inference produced any results, present them to the user for confirmation before proceeding:
```
Based on our conversation, here's what I'm picking up:
**Problem**: [inferred problem statement]
**Mode**: [inferred mode + rationale]
**Techniques**: [inferred techniques, if any]
**Flags**: [inferred flags, if any]
**Prior context**: [files, data, or evidence already in conversation]
Does this look right? Adjust anything before I proceed.
```
If the user provided explicit arguments, those always take precedence — but still surface any useful context (e.g., "You asked for ACH. I also noticed you shared [file] earlier — I'll include that as evidence.").
If no conversation context exists and no arguments were provided, proceed directly to Adaptive mode (the orchestrator will prompt for a problem statement).
### Steps 1–6 — Main Execution
1. Read `protocols/orchestrator.md` (relative to this skill's directory)
2. Parse explicit arguments → determine mode and flags (merge with Step 0 inferences, explicit args win)
3. Follow the orchestrator's instructions for the detected mode
4. For technique execution, follow the orchestrator's Technique Execution Contract:
- **1 technique** (Direct mode): Execute in-context — read protocol, read template, execute SETUP → PRIME → EXECUTE → ARTIFACT → FINDINGS → HANDOFF, write artifact to `{{ANALYSIS_DIR}}/working/`
- **2+ techniques**: Dispatch to background subagents in dependency-aware tiers — each subagent reads protocol/template, executes the technique, writes the artifact, and returns only a compact findings summary. Main context accumulates summaries and file paths, not full technique work.
5. For evidence gathering: read and execute `protocols/evidence-collector.md`
6. For report synthesis: dispatch per `protocols/report-generator.md` Phase A/B architecture
## Self-Correction (3 Layers)
- **Layer 1** (after each technique, silent): Protocol compliance check — all steps completed? All template sections filled? No unfilled `{{PLACEHOLDER}}` tokens?
- **Layer 2** (before report, silent): Analytical self-critique — 8 checks:
- 3a. Assumption audit
- 3b. Evidence balance
- 3c. Confidence calibration
- 3d. Alternative check
- 3e. Missing voices
- 3f. Internal consistency audit (cross-artifact validation)
- 3g. Analytical bias scan (sycophancy, anchoring, vividness, completion, authority)
- 3h. Quality score (quantitative 1-5 with pass/fail threshold)
- **Layer 3** (before finalization): Human review gate — present summary (including quality score), incorporate feedback
- **Auto-Remediation Gate** (between Phase A and Phase B): HIGH-severity Layer 2 flags (evidence imbalance >2:1, unstated critical premises, strong counter-arguments, sycophancy/anchoring bias, quality score < 3.0) trigger automatic remediation — the orchestrator invokes the iteration handler to collect targeted evidence, re-run flagged techniques (max 3), and regenerate the report before the user sees it. Capped at 1 cycle. Zero overhead when no HIGH flags exist.
- **Critique-to-Iteration Bridge** (after results): Remaining MEDIUM/LOW flags from Layer 1 and Layer 2 are mapped to specific technique re-runs and evidence collection focuses, presented as ready-to-run `/analyze --iterate` commands. Only fires when actionable flags exist beyond what auto-remediation already addressed. All flags and their statuses are written to `next-steps.md` in the analysis root — a standalone ledger tracking OPEN, REMEDIATED, RESOLVED, and DEFERRED items across iterations. The `--iterate` handler reads this file as its primary input.
## Citation Requirement
Every claim in every artifact must be cited. No exceptions. Citation methods:
- **OSINT**: `[Source](URL)` — Retrieved: YYYY-MM-DD
- **FILE**: `[filename:line_range]`
- **USER**: `[User-provided, session context]`
- **ANALYSIS**: `[Derived via technique_name]`
- **PRIOR-ITERATION**: `[PRIOR-v{N}: technique_name]`
OSINT is never presented as fact — always "according to [source]".
## Reference Library
For deep background on any technique, read `library/00-prime.md` (relative to this skill's directory) and the specific library files referenced in each protocol. The library contains the full theoretical foundation, axioms, selection matrices, and empirical critiques underlying this skill.
No comments yet. Be the first to comment!
