exploitability-analyzer

Analyze detected vulnerabilities to assess realistic exploitability by examining control flow, input sources, sanitization logic, and execution context. Use when users need to: (1) Determine if a vulnerability is actually exploitable in practice, (2) Assess severity and impact of security issues, (3) Prioritize vulnerability remediation, (4) Understand attack vectors and exploitation conditions, (5) Generate exploitability reports with proof-of-concept scenarios. Focuses on injection vulnerabilities (SQL, command, XSS, path traversal, LDAP) with detailed analysis of reachability, controllability, sanitization, and impact.

1.32x

Quality

88%

Does it follow best practices?

Impact

97%

1.32x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong, actionable skill with excellent workflow clarity and concrete examples. The 7-step analysis framework is well-structured with clear decision criteria. Main weaknesses are moderate verbosity in introductory sections and a somewhat monolithic structure that could benefit from splitting detailed examples into reference files.

Suggestions

Remove or condense the Overview and 'How to Use' sections - Claude can infer usage from the workflow and examples

Consider moving the detailed vulnerability examples (SQL Injection, Command Injection, XSS, Path Traversal) to separate reference files, keeping only one example inline as a template

Dimension	Reasoning	Score
Conciseness	The skill is moderately efficient but includes some unnecessary explanation. The Overview section restates what the skill does redundantly, and some sections like 'How to Use' explain concepts Claude would understand. However, the examples are well-structured and not overly verbose.	2 / 3
Actionability	Excellent actionability with fully executable Python code examples, specific proof-of-concept exploits, and copy-paste ready remediation code. Each vulnerability type includes concrete, working examples with clear inputs and expected outputs.	3 / 3
Workflow Clarity	Clear 7-step analysis workflow with explicit validation checkpoints at each stage. The workflow progresses logically from identification through assessment to remediation, with a decision matrix for calculating exploitability and a structured report format.	3 / 3
Progressive Disclosure	The skill references 'assessment_criteria.md' for detailed criteria, which is good progressive disclosure. However, the main document is quite long (~400 lines) with extensive inline examples that could potentially be split into separate reference files for each vulnerability type.	2 / 3
	Total	10 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that clearly articulates specific capabilities (exploitability analysis with detailed technical dimensions), provides explicit trigger conditions via a numbered 'Use when' list, and uses natural security terminology users would employ. The description is comprehensive yet focused, with strong distinctiveness from related security skills.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: 'examining control flow, input sources, sanitization logic, and execution context' and specifies vulnerability types (SQL, command, XSS, path traversal, LDAP) with analysis dimensions (reachability, controllability, sanitization, impact).	3 / 3
Completeness	Clearly answers both what (analyze vulnerabilities, assess exploitability, examine control flow/sanitization) AND when with explicit 'Use when users need to:' clause listing five specific trigger scenarios.	3 / 3
Trigger Term Quality	Includes natural keywords users would say: 'vulnerability', 'exploitability', 'security issues', 'severity', 'impact', 'remediation', 'attack vectors', plus specific injection types (SQL, XSS, command injection, path traversal, LDAP) that users would naturally mention.	3 / 3
Distinctiveness Conflict Risk	Clear niche focused specifically on exploitability analysis of detected vulnerabilities, distinct from general security scanning or code review skills. The focus on 'realistic exploitability' and specific injection types creates a well-defined scope.	3 / 3
	Total	12 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
skill_md_line_count	SKILL.md is long (506 lines); consider splitting into references/ and linking	Warning

	Total	10 / 11 Passed

Repository: ArabelaTso/Skills-4-SE
Commit: 0f00a4f

Reviewed: 4 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.