ask-questions-if-underspecified
Ask clarifying questions before implementing when requirements are ambiguous or incomplete.
- Use when a request has multiple plausible interpretations or missing details around objective, scope, constraints, environment, or safety; skip it when the request is already clear or a quick discovery read resolves unknowns
- Ask 1–5 must-have questions in the first pass, prioritizing those that eliminate whole branches of work; offer multiple-choice options and suggested defaults to reduce friction
- Structure questions for compact responses (e.g., "reply with: 1a 2b") and include a fast-path option like "defaults" to accept all recommended choices
- Pause before acting: do not run commands or edit files until must-have answers arrive, though low-risk discovery steps (inspecting configs, reading docs) are acceptable
- Once answers arrive, restate requirements in 1–3 sentences including key constraints, then proceed with implementation
Ask Questions If Underspecified
When to Use
Use this skill when a request has multiple plausible interpretations or key details (objective, scope, constraints, environment, or safety) are unclear.
When NOT to Use
Do not use this skill when the request is already clear, or when a quick, low-risk discovery read can answer the missing details.
Goal
Ask the minimum set of clarifying questions needed to avoid wrong work; do not start implementing until the must-have questions are answered (or the user explicitly approves proceeding with stated assumptions).
Workflow
1) Decide whether the request is underspecified
Treat a request as underspecified if, after exploring how to perform the work, some or all of the following are not clear: