Stats
Actions
Tags
From idstack
Audits course designs across 5 adversarial dimensions (alignment, evidence, cognitive load, persona simulation, prerequisite chains) and produces a confidence score. Runs in a clean-context sub-agent for unbiased synthesis.
How this skill is triggered — by the user, by Claude, or both
Slash command
/idstack:red-teamThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
<!-- AUTO-GENERATED from SKILL.md.tmpl -- do not edit directly -->
idstack skills are designed to run in multiple CLIs (Claude Code, OpenAI Codex CLI, and others). To stay portable, skill bodies use a few concept names that have a CLI-specific implementation:
AskUserQuestion tool; in Codex CLI (which has no analog) just emit the numbered
question as plain text and wait.Agent ships
a sequential fallback alongside it./idstack:pipeline. In Claude Code this
invokes a child skill in-process via the Skill tool. In CLIs without that primitive, the
pipeline degrades to prompting the user to type the next skill name explicitly./idstack:foo"
or links to /idstack:foo in a "Next steps" section, that's Claude Code's /idstack:<name>
invocation. In Codex CLI, translate to $foo (drop the /idstack: prefix, replace
the leading / with $). Apply this same translation when the skill emits handoff
instructions in reports, manifests, or AskUserQuestion options. Same body text, two
hosts; the model translates per-CLI on output.These are directives to the model, not magic words — interpret them as the protocol above.
# Locate the idstack install. Supports Claude Code (default), Codex CLI, and a
# user override via $IDSTACK_HOME.
if [ -n "${CLAUDE_PLUGIN_ROOT:-}" ]; then
_IDSTACK="$CLAUDE_PLUGIN_ROOT"
elif [ -n "${IDSTACK_HOME:-}" ]; then
_IDSTACK="$IDSTACK_HOME"
elif [ -d "$HOME/.agents/plugins/idstack" ]; then
_IDSTACK="$HOME/.agents/plugins/idstack"
elif [ -d "$HOME/.agents/skills/idstack" ]; then
_IDSTACK="$HOME/.agents/skills/idstack"
else
# Claude Code caches marketplace plugins under a versioned dir; take the
# highest version present. Empty if idstack was never installed this way —
# every "$_IDSTACK/bin/..." call below is guarded, so that degrades quietly.
_IDSTACK=$(ls -d "$HOME"/.claude/plugins/cache/idstack/idstack/*/ 2>/dev/null | sort | tail -1)
_IDSTACK="${_IDSTACK%/}"
fi
_UPD=$("$_IDSTACK/bin/idstack-update-check" 2>/dev/null || true)
[ -n "$_UPD" ] && echo "$_UPD"
If the output contains UPDATE_AVAILABLE: tell the user "A newer version of idstack is available. Run cd $_IDSTACK && git pull && ./setup to update. (The ./setup step is required — it cleans up legacy symlinks.)" Then continue normally.
Before starting, check for an existing project manifest.
if [ -f ".idstack/project.json" ]; then
echo "MANIFEST_EXISTS"
"$_IDSTACK/bin/idstack-migrate" .idstack/project.json 2>/dev/null || cat .idstack/project.json
else
echo "NO_MANIFEST"
fi
If MANIFEST_EXISTS:
If NO_MANIFEST:
if [ -f ".idstack/project.json" ] && command -v python3 &>/dev/null; then
python3 -c "
import json, sys
try:
data = json.load(open('.idstack/project.json'))
prefs = data.get('preferences', {})
v = prefs.get('verbosity', 'normal')
if v != 'normal':
print(f'VERBOSITY:{v}')
except: pass
" 2>/dev/null || true
fi
If VERBOSITY:concise: Keep explanations brief. Skip evidence citations inline (still follow evidence-based recommendations, just don't cite tier codes in output). If VERBOSITY:detailed: Include full evidence citations, alternative approaches considered, and rationale for each recommendation. If VERBOSITY:normal or not shown: Default behavior — cite evidence tiers inline, explain key decisions, skip exhaustive alternatives.
_PROFILE="$HOME/.idstack/profile.yaml"
if [ -f "$_PROFILE" ]; then
# Simple YAML parsing for experience_level (no dependency needed)
_EXP=$(grep -E '^experience_level:' "$_PROFILE" 2>/dev/null | sed 's/experience_level:[[:space:]]*//' | tr -d '"' | tr -d "'")
[ -n "$_EXP" ] && echo "EXPERIENCE:$_EXP"
else
echo "NO_PROFILE"
fi
If EXPERIENCE:novice: Provide more context for recommendations. Explain WHY each
step matters, not just what to do. Define jargon on first use. Offer examples.
If EXPERIENCE:intermediate: Standard explanations. Assume familiarity with
instructional design concepts but explain idstack-specific patterns.
If EXPERIENCE:expert: Be concise. Skip basic explanations. Focus on evidence
tiers, edge cases, and advanced considerations. Trust the user's domain knowledge.
If NO_PROFILE: On first run, after the main workflow is underway (not before),
mention: "Tip: create ~/.idstack/profile.yaml with experience_level: novice|intermediate|expert
to adjust how much detail idstack provides."
Check for session history and learnings from prior runs.
# Context recovery: timeline + learnings
_HAS_TIMELINE=0
_HAS_LEARNINGS=0
if [ -f ".idstack/timeline.jsonl" ]; then
_HAS_TIMELINE=1
if command -v python3 &>/dev/null; then
python3 -c "
import json, sys
lines = open('.idstack/timeline.jsonl').readlines()[-200:]
events = []
for line in lines:
try: events.append(json.loads(line))
except: pass
if not events:
sys.exit(0)
# Quality score trend
scores = [e for e in events if e.get('skill') == 'course-quality-review' and 'score' in e]
if scores:
trend = ' -> '.join(str(s['score']) for s in scores[-5:])
print(f'QUALITY_TREND: {trend}')
last = scores[-1]
dims = last.get('dimensions', {})
if dims:
tp = dims.get('teaching_presence', '?')
sp = dims.get('social_presence', '?')
cp = dims.get('cognitive_presence', '?')
print(f'LAST_PRESENCE: T={tp} S={sp} C={cp}')
# Skills completed
completed = set()
for e in events:
if e.get('event') == 'completed':
completed.add(e.get('skill', ''))
print(f'SKILLS_COMPLETED: {','.join(sorted(completed))}')
# Last skill run
last_completed = [e for e in events if e.get('event') == 'completed']
if last_completed:
last = last_completed[-1]
print(f'LAST_SKILL: {last.get(\"skill\",\"?\")} at {last.get(\"ts\",\"?\")}')
# Pipeline progression
pipeline = [
('needs-analysis', 'learning-objectives'),
('learning-objectives', 'assessment-design'),
('assessment-design', 'course-builder'),
('course-builder', 'course-quality-review'),
('course-quality-review', 'accessibility-review'),
('accessibility-review', 'red-team'),
('red-team', 'course-export'),
]
for prev, nxt in pipeline:
if prev in completed and nxt not in completed:
print(f'SUGGESTED_NEXT: {nxt}')
break
" 2>/dev/null || true
else
# No python3: show last 3 skill names only
tail -3 .idstack/timeline.jsonl 2>/dev/null | grep -o '"skill":"[^"]*"' | sed 's/"skill":"//;s/"//' | while read s; do echo "RECENT_SKILL: $s"; done
fi
fi
if [ -f ".idstack/learnings.jsonl" ]; then
_HAS_LEARNINGS=1
_LEARN_COUNT=$(wc -l < .idstack/learnings.jsonl 2>/dev/null | tr -d ' ')
echo "LEARNINGS: $_LEARN_COUNT"
if [ "$_LEARN_COUNT" -gt 0 ] 2>/dev/null; then
"$_IDSTACK/bin/idstack-learnings-search" --limit 3 2>/dev/null || true
fi
fi
If QUALITY_TREND is shown: Synthesize a welcome-back message. Example: "Welcome back. Quality score trend: 62 -> 68 -> 72 over 3 reviews. Last skill: /learning-objectives." Keep it to 2-3 sentences. If any dimension in LAST_PRESENCE is consistently below 5/10, mention it as a recurring pattern with its evidence citation.
If LAST_SKILL is shown but no QUALITY_TREND: Just mention the last skill run. Example: "Welcome back. Last session you ran /course-import."
If SUGGESTED_NEXT is shown: Mention the suggested next skill naturally. Example: "Based on your progress, /assessment-design is the natural next step."
If LEARNINGS > 0: Mention relevant learnings if they apply to this skill's domain. Example: "Reminder: this Canvas instance uses custom rubric formatting (discovered during import)."
Skill-specific manifest check: If the manifest red_team_audit section already has data,
ask the user: "I see you've already run this skill. Want to update the results or start fresh?"
This skill audits the course adversarially. It assumes the course is broken until proven otherwise.
It is NOT a quality review (/idstack:course-quality-review does that). Quality review asks "does this course meet standards?" Red team asks "prove this course actually works."
Five adversarial dimensions:
The output is a confidence score (0-100): "How confident are we this course works?"
If the same Claude session helped build the course, it has sunk-cost bias toward its own design choices. Red team work happens in a freshly-spawned sub-agent that has no prior conversation history — only the manifest and course files, which is the same view a real student gets.
The sub-agent (the orchestrator) runs the full audit, writes a structured HTML report under .idstack/exports/<course-slug>/red-team.html, and returns a short executive summary including the report path. The parent (this skill) then offers to apply fixes in-context, since the parent already knows the course structure and is good at editing.
red_team_audit section from the report fileNo automatic re-verification. If the user wants to confirm fixes hold, they re-run /idstack:red-team.
The preamble above already ran the manifest check. Now confirm scope.
Determine course inputs:
MANIFEST_EXISTS: the orchestrator will read all sections (needs_analysis, learning_objectives, assessment_design, course_builder, quality_review, accessibility_review).NO_MANIFEST: ask the user to provide objectives, assessments, module sequence, and target audience. Capture answers as a brief block to pass to the orchestrator. Standalone mode reduces precision on Dimensions 1 (alignment) and 5 (prerequisites).Ask one focus question via AskUserQuestion:
"Any specific angle to red-team, or a full sweep?"
Options:
Save the user's choice as FOCUS for the orchestrator brief.
Use the Agent tool with subagent_type=general-purpose. The prompt is the full contents of the <orchestrator-brief> block below, with these substitutions performed before invoking:
{{FOCUS}} → the user's choice from Step 1 (or Full sweep by default){{MANIFEST_INFO}} → either Manifest at .idstack/project.json — read it directly. or, in standalone mode, the captured course information from Step 1{{COURSE_FILES_HINT}} → if the manifest has course_builder.output_path, set this to that path; otherwise Look under ./course/ or ./modules/ for generated course files.Then call Agent. Block on its return.
You are an adversarial course design auditor. You have NO context from prior sessions. You did not help build this course; you are seeing it fresh. Your job is to find every way it could fail learners — not to validate the design.
This is a stress test, not a quality review. Assume the course is broken until proven otherwise.
Inputs:
Manifest integrity: if the manifest JSON is malformed, stop and return an error message naming the parse error. Never silently overwrite.
Every challenge cites its evidence tier:
When multiple tiers apply, cite the strongest.
If {{FOCUS}} is Full sweep, audit all 5 dimensions at equal depth.
Otherwise, audit the named dimension at full depth and cover the others at reduced depth (3-5 findings each, no exhaustive matrices).
If you have access to the Agent tool, dispatch the 5 dimensions in parallel as nested sub-agents using the briefs in "Dimension Briefs" below. Wait for all 5 to return, then deduplicate findings.
If you do NOT have Agent access, run the dimensions sequentially using the same briefs.
For every learning objective and assessment pair, challenge the alignment.
Objective → Assessment match:
Activity → Objective match:
Check every evidence citation in the manifest or course design for accuracy.
Tier verification:
Currency check (if WebSearch available):
mode: limited in the report and note: "currency verification requires internet."Estimate cognitive load per module using proxy measures.
Limitation: the manifest contains structure, not the actual content learners see. These are proxies based on structural indicators. Note this limitation in the report.
Proxy indicators:
Expertise reversal check:
Simulate 4 learner personas walking through the course.
Limitation: simulation operates on structural/metadata signals, not actual content text. Content-level analysis (e.g., detecting idioms that challenge ESL learners) requires the actual course materials. Note this in the report.
Persona A — Complete Novice (no prior knowledge in domain)
Persona B — Expert Learner (expertise reversal risk)
Persona C — ESL Learner (language complexity, cultural references)
Persona D — Learner with Accessibility Needs
Per-persona checklist (evaluate for every module):
Trace prerequisite dependencies across all modules.
Check for:
After all dimensions return, compute the confidence score:
Severity weights reflect that structural misalignment and cognitive overload are the strongest predictors of learner failure: [Alignment-14] [T1], [CogLoad-6] [T1].
Contextualize:
The orchestrator emits an HTML report. Follow the visual contract in templates/report.html.tmpl and the content contract in templates/report-format.md.
# Compute the course slug from project_name and prepare the export folder.
_PROJECT_NAME=$(python3 -c "import json; print(json.load(open('.idstack/project.json')).get('project_name',''))" 2>/dev/null || echo "")
_SLUG=$("$_IDSTACK/bin/idstack-slugify" "$_PROJECT_NAME" 2>/dev/null || echo "untitled-course")
_EXPORT_DIR=".idstack/exports/$_SLUG"
_REPORT_PATH="$_EXPORT_DIR/red-team.html"
mkdir -p "$_EXPORT_DIR/assets"
cp -f "$_IDSTACK/templates/assets/idstack.css" "$_EXPORT_DIR/assets/idstack.css"
echo "Report path: $_REPORT_PATH"
Write the HTML report at the path printed above (.idstack/exports/<course-slug>/red-team.html), following the structure of templates/report.html.tmpl. Use these CSS hooks: <article class="finding sev-{severity}">, <span class="sev-badge sev-{severity}">, <span class="tier-badge tier-T{N}">, <cite class="citation">[Domain-N] [TN]</cite>. Customize for this skill:
{{skill_title}}: "Red Team Audit"{{skill_name}}: red-team{{mode}}: full or limited (include the optional mode segment in the header meta line; you may also append · focus: {{FOCUS}}).sev-critical → sev-warning → sev-info) inside a single <section class="findings">. Stable ids of the form <dimension>-<n> (e.g., alignment-1, cogload-3) so the parent can reference findings when applying fixes. Each <article class="finding sev-..."> should include the affected module/objective/assessment in the "What we saw" <dd>.<section class="dimension-summary"> with <h2>Per-dimension summary</h2> and an HTML <table> with a row for each dimension (Alignment, Evidence, Cognitive Load, Personas, Prerequisites) showing the per-dimension pass | warning | critical score and a one-line summary./idstack:learning-objectives or /idstack:assessment-design. If 60+, recommend /idstack:course-export.Each finding must have a stable id of the form <dimension>-<n> (e.g., alignment-1, cogload-3) so the parent can reference findings when applying fixes.
After writing the report, return ONLY a short executive summary (≤200 words) to the parent:
$_REPORT_PATH (e.g., .idstack/exports/<course-slug>/red-team.html)Do NOT return the full report inline. The parent will read the file.
After the orchestrator returns:
.idstack/exports/<course-slug>/red-team.html). HTML is fine to Read — extract the content sections by tag.Ask one AskUserQuestion:
"Which findings would you like to address?"
Options:
If the user chooses Skip, jump straight to Step 6.
For each finding in the chosen severity bucket, in order of severity:
fixes_applied. If you decide a finding is not actionable in-context (e.g., requires re-running /idstack:assessment-design), record it in fixes_deferred with a one-line reason.Do not spawn additional sub-agents for fixes. The parent has the relevant context to edit course files directly.
If the user pushes back on any specific fix, mark it deferred and continue.
Save results to .idstack/project.json via bin/idstack-manifest-merge, which replaces only
the red_team_audit section, preserves every other section verbatim, validates JSON, and
atomically updates the top-level updated timestamp. Pull the score and findings from
the orchestrator's HTML report at $_REPORT_PATH (the report is the source of truth — do
not re-derive from the orchestrator's return summary, which is lossy).
"$_IDSTACK/bin/idstack-manifest-merge" --section red_team_audit --payload - <<'PAYLOAD'
{
"updated": "<ISO-8601 timestamp>",
"confidence_score": 0,
"focus": "Full sweep",
"report_path": "<set to the orchestrator-returned path — e.g. .idstack/exports/<course-slug>/red-team.html>",
"findings_summary": {"critical": 0, "warning": 0, "info": 0},
"dimensions": {
"alignment": {"score": "pass|warning|critical", "findings": []},
"evidence": {"score": "pass|warning|critical", "mode": "full|limited", "findings": []},
"cognitive_load": {"score": "pass|warning|critical", "findings": []},
"personas": {"score": "pass|warning|critical", "findings": []},
"prerequisites": {"score": "pass|warning|critical", "findings": []}
},
"top_actions": [],
"limitations": [],
"fixes_applied": [],
"fixes_deferred": []
}
PAYLOAD
Each finding object: {"id": "alignment-1", "description": "...", "module": "Module 3", "severity": "critical|warning|info"}.
fixes_applied[] — each item: {"id": "alignment-1", "description": "Optional one-line summary of the change applied"}.
fixes_deferred[] — each item: {"id": "alignment-3", "reason": "One-line reason — e.g., requires re-running /idstack:assessment-design"}.
The merge tool exits non-zero (and prints a diagnostic on stderr) if the payload is malformed,
the manifest is corrupt, or the section name is misspelled — never silently overwriting. If
.idstack/project.json doesn't exist yet, run bin/idstack-migrate .idstack/project.json
first (it creates a fresh canonical manifest).
Fallback (if bin/idstack-manifest-merge is unavailable): Read the full manifest, modify
only the red_team_audit section, Write back. Preserve all other sections verbatim. The
canonical schema for reference is in templates/manifest-schema.md.
Two sentences:
.idstack/exports/<course-slug>/red-team.html."/idstack:learning-objectives or /idstack:assessment-design. If 60+, recommend /idstack:course-export.If the user wants to verify fixes hold, they can re-run /idstack:red-team — that's deliberately manual to avoid token costs of automatic re-verification.
Have feedback or a feature request? Share it here — no GitHub account needed.
After the skill workflow completes successfully, log the session to the timeline:
"$_IDSTACK/bin/idstack-timeline-log" '{"skill":"red-team","event":"completed"}'
Include skill-specific fields where available (confidence_score, focus, fixes_applied count). Log synchronously (no background &).
If you discover a non-obvious project-specific quirk during this session (LMS behavior, import format issue, course structure pattern), also log it as a learning:
"$_IDSTACK/bin/idstack-learnings-log" '{"skill":"red-team","type":"operational","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":8,"source":"observed"}'
npx claudepluginhub savvides/idstack --plugin idstackAudits online course quality against Quality Matters standards and Community of Inquiry framework. Reviews structural quality, teaching/social/cognitive presence, and constructive alignment.
Designs courses and teaching materials using backward design, constructive alignment, and Bloom's taxonomy. Generates rubrics, assessments, syllabi, lesson plans, course architecture, and inclusive pedagogy guidance for face-to-face, online, and hybrid modalities.
Designs online course structures with learning objectives, module sequencing, assessments, and delivery formats using ADDIE and Gagné's nine events.