functions-falcon-api
Call CrowdStrike Falcon platform APIs (detections, alerts, hosts, RTR) from within Foundry function handlers. TRIGGER when user asks to "call Falcon APIs from a function", "use FalconPy in a function", "use gofalcon in a function", or needs to integrate Falcon platform APIs within serverless function code. DO NOT TRIGGER when user wants to expose external third-party APIs to Foundry — use api-integrations instead.
87
82%
Does it follow best practices?
Impact
99%
1.98xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its scope, provides multiple natural trigger phrases, and explicitly delineates its boundary from a related skill. The inclusion of specific API categories (detections, alerts, hosts, RTR), library names (FalconPy, gofalcon), and a DO NOT TRIGGER clause makes it highly effective for skill selection among many options.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and domains: 'Call CrowdStrike Falcon platform APIs (detections, alerts, hosts, RTR) from within Foundry function handlers.' The parenthetical list of API categories (detections, alerts, hosts, RTR) adds concrete specificity. | 3 / 3 |
Completeness | Clearly answers both 'what' (call CrowdStrike Falcon platform APIs for detections, alerts, hosts, RTR from Foundry function handlers) and 'when' (explicit TRIGGER clause with specific phrases). Additionally includes a 'DO NOT TRIGGER' clause to reduce false positives, which goes above and beyond. | 3 / 3 |
Trigger Term Quality | Includes highly natural trigger terms users would say: 'call Falcon APIs from a function', 'use FalconPy in a function', 'use gofalcon in a function', plus domain terms like 'Falcon platform APIs', 'serverless function code'. These cover multiple natural phrasings and library names. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche (Falcon APIs within Foundry functions) and explicitly differentiates itself from a related skill ('api-integrations') with a DO NOT TRIGGER clause, minimizing conflict risk. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, highly actionable skill with excellent executable code examples covering Python and Go Falcon API integration patterns. Its main weaknesses are moderate verbosity (repeated emphasis on zero-arg auth, some unnecessary explanatory text) and a lack of an explicit end-to-end workflow with validation checkpoints for setting up and deploying a function. The progressive disclosure could be improved by moving detailed API pattern examples into separate reference files.
Suggestions
Add an explicit end-to-end workflow section (e.g., 1. Create function scaffold → 2. Add handler → 3. Test locally → 4. Deploy → 5. Verify) with validation checkpoints at each step.
Move the detailed API pattern examples (detection queries, host lookups, multi-API enrichment) into a separate reference file like references/api-patterns.md to keep the main skill leaner.
Remove redundant commentary — the zero-arg auth point is made at least 4 times; state it once prominently and let the code examples demonstrate it.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is mostly efficient with good code examples, but includes some unnecessary content: the system injection block at the top, the multi-region table (SDKs handle it automatically as stated), the 'How it works' explanation, and some redundant comments like 'Zero-arg — auth is automatic' repeated multiple times. The common pitfalls section partially restates what's already demonstrated in the code. | 2 / 3 |
Actionability | Excellent actionability — provides fully executable, copy-paste-ready code examples for Python and Go, covering multiple API patterns (alerts, detections, hosts, multi-API enrichment), testing with mocks, local testing commands, and the 207 multi-status edge case. All examples are complete handler functions with proper imports and error handling. | 3 / 3 |
Workflow Clarity | Individual API call patterns are clear and well-sequenced with error handling, but there's no overall workflow for creating a new function from scratch (e.g., project setup, dependency installation, deployment). The local testing section provides steps but lacks validation checkpoints. The 207 multi-status handling is mentioned but lacks a retry/feedback loop pattern (deferred to a reference file). | 2 / 3 |
Progressive Disclosure | References to advanced-patterns.md, python-functions.md, and external GitHub repos are present, but the bundle has no files to verify. The main content is quite long (~200+ lines) with multiple full code examples that could be split into separate reference files. The reference table at the top is good practice, but the skill inlines a lot of content that could benefit from being in separate files (e.g., Go patterns, common API patterns, testing). | 2 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Repository
- CrowdStrike/foundry-skills
- Commit
631c815
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.