verification-looplisted

# Verification Loop ## When to use This skill triggers for Claude itself, not for the end user. Activate it when you're about to deliver non-trivial output and there's still room for one more pass. It activates when: - You've written an analysis, review, report, patch, threat model, runbook, or policy document and are about to hand it to the user. - The user explicitly asks for a second pass: "check your own work", "are you sure?", "are there gaps?", "red-team this", "play devil's advocate". - Another security skill (e.g. `security-review`, `threat-modeler`, `pentest-reporter`, `ir-runbook`, `gdpr-pia`) has just produced output. This loop is the last step before delivery. - Your own reasoning contains passages starting with "probably", "normally", "in practice", or "I assume". Those are assumptions that this loop should bring to the surface. The pass is over what Claude has just produced, not over user input. This is a meta-skill. It does not review code or specs from third parties; it reviews your own work. ## Approach The loop has two layers. **Layer 1** is universal and stands on its own. **Layer 2** adds security-specific checks and is removable as a self-contained block. In a non-security context you can drop the entire section without breaking Layer 1. Work through the steps sequentially. Collect findings as you go; only formulate a verdict once every step has been done. Don't skip a step because it "doesn't seem to apply". The steps you want to skip are often ex