exploitability-analyzer
Analyze detected vulnerabilities to assess realistic exploitability by examining control flow, input sources, sanitization logic, and execution context. Use when users need to: (1) Determine if a vulnerability is actually exploitable in practice, (2) Assess severity and impact of security issues, (3) Prioritize vulnerability remediation, (4) Understand attack vectors and exploitation conditions, (5) Generate exploitability reports with proof-of-concept scenarios. Focuses on injection vulnerabilities (SQL, command, XSS, path traversal, LDAP) with detailed analysis of reachability, controllability, sanitization, and impact.
91
88%
Does it follow best practices?
Impact
97%
1.32xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly articulates specific capabilities (exploitability analysis with detailed technical dimensions), provides explicit trigger conditions via a numbered 'Use when' list, and uses natural security terminology users would employ. The description is comprehensive yet focused, with strong distinctiveness from related security skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'examining control flow, input sources, sanitization logic, and execution context' and specifies vulnerability types (SQL, command, XSS, path traversal, LDAP) with analysis dimensions (reachability, controllability, sanitization, impact). | 3 / 3 |
Completeness | Clearly answers both what (analyze vulnerabilities, assess exploitability, examine control flow/sanitization) AND when with explicit 'Use when users need to:' clause listing five specific trigger scenarios. | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'vulnerability', 'exploitability', 'security issues', 'severity', 'impact', 'remediation', 'attack vectors', plus specific injection types (SQL, XSS, command injection, path traversal, LDAP) that users would naturally mention. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on exploitability analysis of detected vulnerabilities, distinct from general security scanning or code review skills. The focus on 'realistic exploitability' and specific injection types creates a well-defined scope. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable skill with excellent workflow clarity and concrete examples. The 7-step analysis framework is well-structured with clear decision criteria. Main weaknesses are moderate verbosity in introductory sections and a somewhat monolithic structure that could benefit from splitting detailed examples into reference files.
Suggestions
Remove or condense the Overview and 'How to Use' sections - Claude can infer usage from the workflow and examples
Consider moving the detailed vulnerability examples (SQL Injection, Command Injection, XSS, Path Traversal) to separate reference files, keeping only one example inline as a template
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is moderately efficient but includes some unnecessary explanation. The Overview section restates what the skill does redundantly, and some sections like 'How to Use' explain concepts Claude would understand. However, the examples are well-structured and not overly verbose. | 2 / 3 |
Actionability | Excellent actionability with fully executable Python code examples, specific proof-of-concept exploits, and copy-paste ready remediation code. Each vulnerability type includes concrete, working examples with clear inputs and expected outputs. | 3 / 3 |
Workflow Clarity | Clear 7-step analysis workflow with explicit validation checkpoints at each stage. The workflow progresses logically from identification through assessment to remediation, with a decision matrix for calculating exploitability and a structured report format. | 3 / 3 |
Progressive Disclosure | The skill references 'assessment_criteria.md' for detailed criteria, which is good progressive disclosure. However, the main document is quite long (~400 lines) with extensive inline examples that could potentially be split into separate reference files for each vulnerability type. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (506 lines); consider splitting into references/ and linking | Warning |
Total | 10 / 11 Passed | |
- Repository
- ArabelaTso/Skills-4-SE
- Commit
0f00a4f
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.