
security-patterns

Security patterns for Falcon Foundry apps including OAuth scopes, RBAC, input validation, UI security, and credential management. TRIGGER when user asks to "configure OAuth scopes", "secure a Foundry app", "handle secrets", "add input validation", or needs to review a Foundry app for security concerns (XSS, CSP, credential management). Also trigger during pre-deployment security reviews.

Overall score: 89

Quality: 89% (does it follow best practices?)

Impact: Pending (no eval scenarios have been run)

Security by Snyk: Passed (no known issues)


Quality

Discovery: 100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly defines its scope (security patterns for Falcon Foundry apps), lists specific capabilities (OAuth, RBAC, input validation, UI security, credential management), and provides explicit trigger conditions with natural user phrases. The description is well-structured, concise, and distinctive enough to avoid conflicts with other skills.

Dimension / Reasoning / Score

Specificity: 3 / 3
Lists multiple specific concrete actions and domains: OAuth scopes, RBAC, input validation, UI security, credential management, XSS, CSP. These are all concrete, well-defined security concerns rather than vague abstractions.

Completeness: 3 / 3
Clearly answers both 'what' (security patterns for Falcon Foundry apps including OAuth scopes, RBAC, input validation, UI security, credential management) and 'when' (explicit TRIGGER clause with specific phrases and scenarios like pre-deployment security reviews).

Trigger Term Quality: 3 / 3
Excellent coverage of natural trigger terms users would say: 'configure OAuth scopes', 'secure a Foundry app', 'handle secrets', 'add input validation', 'XSS', 'CSP', 'credential management', 'pre-deployment security reviews'. These are realistic phrases a developer would use.

Distinctiveness / Conflict Risk: 3 / 3
Highly distinctive due to the specific platform scope ('Falcon Foundry apps') combined with security-specific concerns. The combination of Falcon Foundry + security patterns creates a clear niche that is unlikely to conflict with general security skills or general Foundry development skills.

Total: 12 / 12 (Passed)

Implementation: 79%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong, well-structured security skill that provides actionable, platform-specific guidance with executable code examples across multiple languages. Its main weaknesses are the lack of explicit validation/feedback loops in the workflow (particularly for the security review process) and the fact that all external references point to a single file, which undermines the progressive disclosure pattern. The content is impressively concise while covering a broad security surface area.

Suggestions

Add an explicit multi-step security review workflow with validation checkpoints (e.g., 'Run scope audit → Fix over-permissioned scopes → Re-validate → Proceed to input validation check → ...').

Split references/security-examples.md into separate files (e.g., sanitization-examples.md, cicd-security.md, postmessage-security.md) so the reading guide provides meaningful progressive disclosure rather than pointing everything to one file.

Dimension / Reasoning / Score

Conciseness: 3 / 3
The content is lean and efficient throughout. It avoids explaining basic concepts Claude already knows (e.g., what RBAC is, what XSS is), instead jumping straight to Foundry-specific patterns, tables, and executable examples. Every section earns its place with platform-specific details.

Actionability: 3 / 3
Provides concrete, executable code in multiple languages (Python, TypeScript, YAML, JSON, bash), specific CLI commands, copy-paste ready configurations, and a detailed pre-deployment checklist. The JSON schema, CSP config, iframe origin validation, and manifest examples are all directly usable.

Workflow Clarity: 2 / 3
The pre-deployment checklist provides a clear sequence of verification steps, and individual sections are well-organized. However, there is no explicit multi-step workflow with validation checkpoints or feedback loops for the security review process itself, e.g., no 'validate → fix → re-validate' pattern for security auditing or deployment.

Progressive Disclosure: 2 / 3
The skill references [references/security-examples.md] multiple times with clear signaling and a reading guide table, which is good structure. However, all references point to a single file (security-examples.md) which appears to be a catch-all, and no bundle files were provided to verify the reference exists or is well-structured. The reading guide maps four different tasks to the same file, suggesting the referenced content may be monolithic.

Total: 10 / 12 (Passed)
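The Actionability row credits the skill's iframe origin validation example, and the Suggestions propose splitting it out into a postmessage-security reference. The block below is an added illustration of that pattern written for this review page; it is not the skill's own code, and the host origin, message shape and sample events are constructed placeholders rather than anything taken from the CrowdStrike/foundry-skills repository.

```javascript
// Added example: strict window.postMessage validation for an app that runs
// inside a host iframe. Not code from the reviewed skill; the origin below is
// an assumed placeholder, not a real Falcon Foundry host.
const ALLOWED_ORIGINS = new Set([
  "https://falcon.example.com", // assumption: replace with the real host origin
]);

// Only message types matching this shape are dispatched to handlers.
const TYPE_PATTERN = /^[a-z][a-z0-9_:-]{0,63}$/;

// Validate a MessageEvent before trusting anything in it.
// Returns { type, payload } on success, or null when the event must be dropped.
function validateMessage(event, allowedOrigins = ALLOWED_ORIGINS) {
  // "null" is the origin of sandboxed iframes and file:// pages; never trust it,
  // even if it was added to the allowlist by mistake.
  if (typeof event.origin !== "string" || event.origin === "null") return null;

  // Exact match only. A prefix or substring check would accept
  // "https://falcon.example.com.evil.net" or "https://evil.net/?https://falcon.example.com".
  if (!allowedOrigins.has(event.origin)) return null;

  // Origin alone is not enough: validate the structure of the payload so a
  // string such as "<img src=x onerror=alert(1)>" never reaches the UI code.
  const data = event.data;
  if (data === null || typeof data !== "object" || Array.isArray(data)) return null;
  if (typeof data.type !== "string" || !TYPE_PATTERN.test(data.type)) return null;

  return { type: data.type, payload: data.payload };
}

// Reply to the exact origin that sent the message, never to "*".
function replyTo(event, message) {
  if (event.source && typeof event.source.postMessage === "function") {
    event.source.postMessage(message, event.origin);
  }
}

// Wire validated messages to a handler map on a window-like object.
// Usage in the browser (hypothetical handler names):
//   installHandler(window, { "theme:set": (payload, reply) => { ...; reply({ ok: true }); } });
function installHandler(win, handlers, allowedOrigins = ALLOWED_ORIGINS) {
  win.addEventListener("message", (event) => {
    const msg = validateMessage(event, allowedOrigins);
    if (!msg) return; // drop silently; do not echo untrusted data back
    const handler = Object.prototype.hasOwnProperty.call(handlers, msg.type)
      ? handlers[msg.type]
      : null;
    if (!handler) return;
    handler(msg.payload, (reply) => replyTo(event, reply));
  });
}

// Constructed sample events (not captured from a real app) to exercise the
// check offline: one legitimate message, then a lookalike origin, a sandboxed
// "null" origin, and a trusted origin sending a raw HTML string.
const SAMPLE_EVENTS = [
  { origin: "https://falcon.example.com", data: { type: "theme:set", payload: { dark: true } } },
  { origin: "https://falcon.example.com.evil.net", data: { type: "theme:set", payload: {} } },
  { origin: "null", data: { type: "theme:set", payload: {} } },
  { origin: "https://falcon.example.com", data: "<img src=x onerror=alert(1)>" },
];

// Classify each event as "accept" or "drop".
function triage(events, allowedOrigins = ALLOWED_ORIGINS) {
  return events.map((e) => (validateMessage(e, allowedOrigins) ? "accept" : "drop"));
}
```

The check does three things a reviewer should look for in any Foundry UI extension: an exact-match origin allowlist (no `startsWith` or `includes`), structural validation of `event.data` before it is used, and replies addressed to `event.origin` rather than `"*"`. Whatever the handler renders should still go into the DOM via `textContent` or a templating layer, since passing the origin check does not make the payload safe HTML.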

Validation: 72%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation checks: 8 / 11 passed

Validation for skill structure

Criteria / Description / Result

metadata_version: Warning
'metadata.version' is missing

metadata_field: Warning
'metadata' should map string keys to string values

frontmatter_unknown_keys: Warning
Unknown frontmatter key(s) found; consider removing or moving to metadata

Total: 8 / 11 (Passed)

Repository: CrowdStrike/foundry-skills (Reviewed)
