attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
84
81%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted description that clearly communicates both purpose and trigger conditions. It uses appropriate security domain terminology that users would naturally employ. The main weakness is that the specific capabilities could be more detailed - listing concrete deliverables or analysis types would strengthen it further.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (attack trees, threat paths) and some actions (build, visualize, mapping, identifying), but lacks comprehensive specific actions like 'enumerate threat actors', 'calculate risk scores', or 'generate mitigation recommendations'. | 2 / 3 |
Completeness | Clearly answers both what ('Build comprehensive attack trees to visualize threat paths') and when ('Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms: 'attack trees', 'threat paths', 'attack scenarios', 'defense gaps', 'security risks', 'stakeholders'. These are terms security professionals would naturally use when needing this capability. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on attack trees and threat modeling. The specific terminology (attack trees, threat paths, defense gaps) distinguishes it from general security skills or documentation skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is well-structured and concise, appropriately delegating detailed content to a referenced playbook. However, it lacks concrete examples of attack tree notation or output formats in the main skill, and the workflow could benefit from explicit validation steps before sharing security-sensitive deliverables.
Suggestions
Add a brief concrete example showing attack tree notation (e.g., a simple AND/OR tree structure with sample annotations for cost/skill/time/detectability)
Include a validation checkpoint in the workflow, such as 'Review tree completeness against threat model before sharing with stakeholders'
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding unnecessary explanations of what attack trees are or basic security concepts. Every section serves a clear purpose without padding. | 3 / 3 |
Actionability | Instructions provide a clear process (confirm scope, decompose, annotate, map mitigations) but lack concrete examples of attack tree notation, specific annotation formats, or sample output structures that would make guidance copy-paste ready. | 2 / 3 |
Workflow Clarity | Steps are listed in logical sequence but lack validation checkpoints. For security modeling work, there's no verification step to confirm tree completeness or accuracy before sharing with stakeholders. | 2 / 3 |
Progressive Disclosure | Clear overview structure with well-signaled one-level-deep reference to implementation-playbook.md for detailed patterns and templates. Content is appropriately split between overview and detailed resources. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- Dokhacgiakhoa/antigravity-ide
- Commit
332e58b
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.