
security-patterns

Security patterns for Falcon Foundry apps including OAuth scopes, RBAC, input validation, UI security, and credential management. TRIGGER when user asks to "configure OAuth scopes", "secure a Foundry app", "handle secrets", "add input validation", or needs to review a Foundry app for security concerns (XSS, CSP, credential management). Also trigger during pre-deployment security reviews.

Score: 74

Quality: Does it follow best practices?

Impact: No eval scenarios have been run

Security (by Snyk): Advisory. Suggest reviewing before use.

Quality

Content: 87%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable and token-efficient with excellent progressive disclosure via a single well-signaled reference file. Its weakest point is workflow clarity: it offers a verification checklist but no sequenced multi-step workflow with validation checkpoints and error-recovery feedback loops.

Suggestions

Convert the pre-deployment checklist into a short sequenced workflow with explicit validation checkpoints and a fix/re-validate feedback loop (e.g., validate manifest scopes -> fix violations -> re-validate -> proceed), so multi-step security review has clear error recovery rather than only a flat checklist.

Trim the role-injection preamble ("your role is Foundry security architect... You MUST implement security best practices at every layer") and the obvious statement "Foundry apps run on a cybersecurity platform — security is a core requirement" to further tighten token efficiency.
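The validate -> fix -> re-validate loop the first suggestion describes, as an added example that is not code from the skill or from the CrowdStrike/foundry-skills repository: a small Python checkpoint that validates an app manifest's requested OAuth scopes against a least-privilege allowlist, applies only mechanical fixes (dedupe, drop scopes policy forbids, add permitted scopes the code needs), and re-validates until the manifest is clean or a violation needs a human decision. The manifest keys (`oauth_scopes`, `required_by_code`), the scope names and the allowlist are constructed placeholders, not real Foundry manifest fields or Falcon API scopes.

```python
"""Added example, not code from the skill or from CrowdStrike/foundry-skills.
A pre-deployment checkpoint: validate manifest scopes -> fix -> re-validate.
Manifest keys, scope names and the allowlist are constructed placeholders,
not real Foundry manifest fields or Falcon API scopes."""
from __future__ import annotations

import copy
from dataclasses import dataclass

# Constructed policy: the only scopes a hypothetical read-only dashboard may hold.
ALLOWED_SCOPES = frozenset({"alerts:read", "hosts:read"})


@dataclass(frozen=True)
class Violation:
    scope: str
    reason: str
    fixable: bool  # True when a mechanical edit (dedupe/drop/add) resolves it


@dataclass
class ReviewResult:
    manifest: dict
    clean: bool
    rounds: int  # number of fix passes applied
    remaining: list  # violations left for a human to decide


def validate_scopes(manifest: dict, allowed: frozenset) -> list:
    """Checkpoint: each requested scope is permitted and declared once, and
    every scope the app code needs is requested."""
    requested = manifest.get("oauth_scopes", [])
    needed = set(manifest.get("required_by_code", []))
    violations = []
    seen = set()
    for scope in requested:
        if scope in seen:
            violations.append(Violation(scope, "declared more than once", True))
            continue
        seen.add(scope)
        if scope not in allowed:
            # Over-privilege is only auto-fixable if the code does not rely on it;
            # otherwise policy and implementation conflict and a human must decide.
            violations.append(Violation(scope, "not permitted by policy", scope not in needed))
    for scope in sorted(needed - seen):
        violations.append(Violation(scope, "needed by code but not requested", scope in allowed))
    return violations


def fix_violations(manifest: dict, violations: list) -> dict:
    """Apply only mechanical fixes; never widen scopes beyond what policy allows."""
    fixed = copy.deepcopy(manifest)
    drop = {v.scope for v in violations if v.fixable and v.reason == "not permitted by policy"}
    add = [v.scope for v in violations if v.fixable and v.reason == "needed by code but not requested"]
    deduped = list(dict.fromkeys(fixed.get("oauth_scopes", [])))  # keeps first-occurrence order
    fixed["oauth_scopes"] = [s for s in deduped if s not in drop] + add
    return fixed


def review_loop(manifest: dict, allowed: frozenset = ALLOWED_SCOPES, max_rounds: int = 3) -> ReviewResult:
    """validate -> fix -> re-validate until clean; fail closed when a violation
    is not mechanically fixable or the round budget is exhausted."""
    current, rounds = manifest, 0
    while True:
        found = validate_scopes(current, allowed)
        if not found:
            return ReviewResult(current, True, rounds, [])
        if rounds >= max_rounds or not any(v.fixable for v in found):
            return ReviewResult(current, False, rounds, found)
        current = fix_violations(current, found)
        rounds += 1


# Constructed manifests for the two paths the loop must handle.
FIXABLE_MANIFEST = {
    "name": "example-dashboard",
    "oauth_scopes": ["alerts:read", "hosts:read", "hosts:write", "alerts:read"],
    "required_by_code": ["alerts:read", "hosts:read"],
}
UNFIXABLE_MANIFEST = {
    "name": "example-remediator",
    "oauth_scopes": ["hosts:write"],
    "required_by_code": ["hosts:write"],  # code needs what policy forbids
}

if __name__ == "__main__":
    for m in (FIXABLE_MANIFEST, UNFIXABLE_MANIFEST):
        r = review_loop(m)
        status = "proceed" if r.clean else "blocked, needs human review"
        print(f"{m['name']}: {status} after {r.rounds} fix pass(es); remaining={r.remaining}")
```

The loop only ever narrows scopes or adds ones the allowlist already permits, so an automated fix can never grant more privilege than policy; a scope the code genuinely needs but policy forbids stops the loop with clean=False so the conflict is resolved by a person rather than silently widened or silently dropped.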

Conciseness: 3 / 3. The body is lean — tables, executable snippets, and a checklist with almost no padding of concepts Claude already knows; the only mild fluff is the role-injection preamble and one obvious platform statement, which is not enough to drop it to a mostly-inefficient 2.

Actionability: 3 / 3. Provides fully executable, copy-paste-ready examples across bash, Python, JSON schema, YAML manifest, and TypeScript, with specific commands like "foundry auth roles create" and "DOMPurify.sanitize()".

Workflow Clarity: 2 / 3. A pre-deployment verification checklist is present (better than no validation), but the body is organized as topical patterns rather than a sequenced multi-step workflow with explicit validation checkpoints and error-recovery feedback loops, so it does not reach the 3 anchor.

Progressive Disclosure: 3 / 3. SKILL.md is a concise overview with well-signaled, one-level-deep references to references/security-examples.md (confirmed single bundle file, no nested references) and a Reading Guide table for easy navigation.

Total: 11 / 12 (Passed)

Description: 100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: it names concrete capabilities, provides natural trigger phrases, and explicitly covers both what and when in third-person voice. No first/second-person voice penalty applies.

Specificity: 3 / 3. Lists multiple concrete capabilities — "OAuth scopes, RBAC, input validation, UI security, and credential management" — matching the anchor for several specific concrete actions rather than a vague domain label.

Completeness: 3 / 3. Explicitly states both what ("Security patterns for Falcon Foundry apps including...") and when via an explicit "TRIGGER when..." clause equivalent to a "Use when..." trigger, so it is not capped at 2.

Trigger Term Quality: 3 / 3. Includes natural phrases a user would say — "configure OAuth scopes", "secure a Foundry app", "handle secrets", "add input validation" — plus domain concern terms (XSS, CSP), giving good coverage rather than only some relevant keywords.

Distinctiveness / Conflict Risk: 3 / 3. The "Falcon Foundry apps" niche and Foundry-specific security triggers are clearly distinct and unlikely to fire for unrelated skills; not merely generic.

Total: 12 / 12 (Passed)

Validation: 87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 passed

Validation for skill structure

metadata_version: Warning. 'metadata.version' is missing.

frontmatter_unknown_keys: Warning. Unknown frontmatter key(s) found; consider removing or moving to metadata.

Total: 14 / 16 (Passed)

Repository: CrowdStrike/foundry-skills (Reviewed)
