← ClaudeAtlas

trust-but-verifylisted

Use when you receive findings, a report, or any factual claims back from a subagent/Task before you act on them — re-validate every claim against a primary source (the code itself, the memory directory, CONTEXT.md, docs/ and docs/adr/, context7 library docs, package/API references, or a language spec) instead of trusting the agent's summary. Trigger automatically after any Task/subagent returns a result you're about to rely on, and whenever the user says "trust but verify", "verify these claims", "double-check what the agent found", "did it actually confirm that", or "where's the source for X". A subagent's report is a lead, not a fact. Nothing is verified until a source was opened and quoted; guessing, inferring, and "that looks right" are not verification.
The-Artificer-of-Ciphers-LLC/skills-from-the-artificer · ★ 2 · AI & Automation · score 73
Install: claude install-skill The-Artificer-of-Ciphers-LLC/skills-from-the-artificer
# Trust but Verify > A subagent's report is a **lead**, not a fact. You trust it enough to investigate — never enough to act on unread. When you delegate work to a subagent, what comes back is a *claim about reality*, filtered through a model that summarized, paraphrased, and sometimes hallucinated. The agent may be right. It may be confidently wrong. You cannot tell which from the report alone — the wrong ones look exactly as fluent as the right ones. This skill is the discipline of closing that gap: before you build on, repeat, or report any claim an agent handed you, you re-open the **primary source** and confirm the claim against it. Every claim. With a citation. ## The one rule everything else serves **No claim is verified until you have opened a primary source that confirms it and can quote where.** Two corollaries that do the real work: - **Inference is not verification.** "That's how this library usually works", "the function name implies it returns null", "that lines up with what I'd expect" — these are guesses wearing a lab coat. They produce an `UNVERIFIED`, never a `VERIFIED`. - **The agent's own words are not a source.** "The agent said the timeout is 30s" verifies nothing. The agent is the thing under audit. The source is the config file where `30s` is written. If you cannot find a source, the honest verdict is `UNVERIFIED` — and you say so out loud. Silently dropping an unsourced claim is worse than flagging it, because a clean report reads as "all conf