agent-security-review
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
63
Quality
59%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./.agent/skills/agent-security-review/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description has strong completeness with an explicit 'Use this skill when...' clause and good trigger term coverage for security-related tasks. However, it lacks specificity about concrete actions (what exactly does the checklist cover? what patterns are provided?) and could potentially conflict with general API or authentication skills.
Suggestions
Add specific concrete actions like 'validates input sanitization, reviews authentication flows, checks for SQL injection vulnerabilities, audits secret management'
Differentiate from general API/auth skills by emphasizing the security audit/review aspect more explicitly
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (security) and lists several areas (authentication, user input, secrets, API endpoints, payment features), but lacks concrete actions - 'Provides comprehensive security checklist and patterns' is vague about what specific actions are performed. | 2 / 3 |
Completeness | Explicitly answers both what ('Provides comprehensive security checklist and patterns') and when ('Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features'). | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms users would say: 'authentication', 'user input', 'secrets', 'API endpoints', 'payment', 'sensitive features' are all terms developers naturally use when discussing security concerns. | 3 / 3 |
Distinctiveness Conflict Risk | While security-focused, terms like 'API endpoints' and 'user input' could overlap with general web development or API skills. The security niche is clear but boundaries with adjacent skills could be sharper. | 2 / 3 |
Total | 10 / 12 Passed |
Implementation
37%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill functions as a pure index/table of contents rather than a functional skill. While the structure with sub-skills is appropriate for progressive disclosure, the main skill lacks any actionable content, workflow guidance, or even a basic security review process. The 'Security Checklist' section is empty except for links.
Suggestions
Add a brief security review workflow (e.g., '1. Identify data flows 2. Check relevant modules below 3. Validate with automated tests') to provide actionable guidance
Include a quick-reference checklist with the most critical security checks inline, reserving sub-skills for detailed implementation
Add brief descriptions next to each sub-skill link indicating when each applies (e.g., 'SQL Injection - use when writing database queries')
Provide at least one concrete example of a security review process or common vulnerability pattern in the main skill
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is lean and efficient - it lists activation triggers concisely and provides a clear index to sub-skills without unnecessary explanation of what security is or why it matters. | 3 / 3 |
Actionability | The skill provides no concrete guidance, code examples, or executable instructions - it's purely an index of links to other files with no actionable content in the main skill itself. | 1 / 3 |
Workflow Clarity | There is no workflow, sequence, or process defined. The checklist header exists but contains no actual checklist items - just links. No validation steps or guidance on how to apply security reviews. | 1 / 3 |
Progressive Disclosure | Good use of sub-skills for detailed content, but the main skill is too sparse - it's essentially just a table of contents with no overview content, quick-start guidance, or context for when to use which sub-skill. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- Dokhacgiakhoa/antigravity-ide
- Commit
3395991
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.