Claude Code's Plan-Skeptic Sub Agent Identifies Security Gaps in Generated Plans

How Claude Code's Plan-Skeptic Sub Agent Works
A developer with 10+ years of web agency experience discovered that Claude Code includes a plan-skeptic sub agent that can be triggered to review AI-generated development plans. When the developer rejected a plan due to security concerns, Claude Code automatically ran both the security-sheriff and plan-skeptic sub agents.
The plan-skeptic sub agent not only caught the security issues the developer had flagged, but also identified additional problems that had not been noticed initially. The revised plan was significantly better after this review process.
Practical Workflow Integration
The developer now deliberately rejects plans and prompts Claude Code with "run the plan-skeptic sub agent to identify any gaps or issues" before approving any generated plan. This approach has become part of their regular workflow when using Claude Code for development tasks.
The security-sheriff sub agent was previously known to the developer, but the plan-skeptic sub agent was new. Both agents work together to improve plan quality, with plan-skeptic specifically focused on identifying gaps and issues in the overall plan structure and approach.
This discovery came from reviewing a Claude Code-generated plan that felt off from a security perspective, based on the developer's experience building production applications. The gut feeling about potential security issues led to the rejection that triggered both sub agents.
📖 Read the full source: r/ClaudeAI