Agent Skills
› s0912758806p/agentic-sop-to-work
› second-opinion
second-opinion
GitHub用于对已完成草稿进行独立、怀疑视角的审查,核查主张与证据的一致性,识别捏造数据或过度推断。支持基于运行日志的全模式或基于文档的降级模式,输出仅为建议性草案,最终批准权归人类所有。
Trigger Scenarios
获取报告的第二意见
核准前双重检查数据
红队测试输出是否存在捏造或过度宣称
验证事实与佐证的匹配度
Install
npx skills add s0912758806p/agentic-sop-to-work --skill second-opinion -g -y
SKILL.md
Frontmatter
{
"name": "second-opinion",
"description": "Use when asked to get a second opinion on a finished DRAFT, fact-check or double-check a report's claims against its evidence, sanity-check before sign-off, or red-team an output for fabrication \/ overreach \/ invented IDs — even without the word \"honesty\". Works on an agentic-sop-kit run dir (FULL, uses the run's trace) or any plain document (DEGRADED, you supply the inputs). | 要對一份已完成的 DRAFT 取得「第二意見」、在核准前查核報告主張是否有輸入佐證、抓臆造/灌水/過度宣稱/捏造編號時使用;吃 agentic-sop-kit 的 run 目錄(FULL,用 trace)或任何純文件(DEGRADED,需自備輸入)。不適用:稽核 agent 架構有沒有拆好/是不是 mega-agent(改用 agentic-workflow-audit);審查原始碼品質/bug/資安(改用 \/code-review)。本 skill 只查「這次產出的主張 vs. 證據」誠實度,只產 DRAFT,核准永遠人擁有。"
}
Second Opinion — adversarial honesty reviewer
An independent, skeptical second reader for a finished DRAFT. It checks whether every claim is backed by its evidence and hands back a findings report — which is itself a DRAFT. A human decides.
When to use / not use
- Use when: "get a second opinion on this report", "is this draft trustworthy / honest", "double-check the numbers before I sign", "red-team this output", "did it make anything up?"
- Not for architecture ("is my workflow decomposed / a mega-agent?") →
agentic-workflow-audit. - Not for source-code quality / bugs / security →
/code-review,/security-review. Second Opinion reads a produced artifact's claims vs its cited evidence, in any domain.
What it catches (domain-neutral)
- #1 wrong PASS/FAIL or spec-limit verdicts, and aggregates that don't recompute.
- #2 numbers with no matching source token (fabrication / transcription error).
- #3 invented identifiers / dates / names with no provenance (should be
【待補】). - #4 conclusions the data don't support (overreach) — advisory.
How it works (two layers; the guarantees are in CODE, not this prose)
- Deterministic layer (stdlib, hermetic): catches
#1/#2/#3. In FULL mode these are HARD at confidence 1.0 (the kittraceis authoritative); in DEGRADED mode they are SOFT at 0.5 (provenance reconstructed from supplied inputs). - Advisory LLM layer (you): catches
#4and fuzzy#1. It is capped (SECONDOP_MAX_LLM_PASSES, default 1) and every finding is clamped to SOFT / advisory / confidence ≤ 0.5, dropped unless it cites a verbatim draft span (orNO SOURCE), and suppressed if it re-litigates a slot the deterministic layer already settled.
To run it
Invoke the /second-opinion command, which orchestrates the deterministic pass → your
capped advisory pass → the code-enforced fold-in → the human STOP. Modes:
/second-opinion <run_dir>— FULL (an agentic-sop-kit run dir)/second-opinion <doc> --inputs <file...>— DEGRADED (any document)/second-opinion— the bundled cross-domain demo
Iron rules
- Facts only from inputs; unknowns are
【待補】; never invent numbers / IDs / dates / conclusions — and the red-team itself may not invent accusations (the evidence gate enforces this). - The deterministic checks are the only HARD signal; the LLM pass is advisory + capped, in code.
- The report is a DRAFT. A human owns approve / reject. Never auto-approve, never auto-file.
- Real enforcement lives in the code (clamp / evidence-gate / cap) and the optional Stop-hook — not in this prose.
Version History
- 248a01f Current 2026-07-05 14:55


