Lists multiple specific concrete actions and patterns: 'JWT, OAuth2, session management, and RBAC' along with outcomes 'build secure, scalable access control systems'. Also mentions specific use cases like 'implementing auth systems, securing APIs, debugging security issues'.

Clearly answers both what ('Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems') and when ('Use when implementing auth systems, securing APIs, or debugging security issues') with explicit trigger guidance.

Includes strong natural keywords users would say: 'authentication', 'authorization', 'JWT', 'OAuth2', 'session management', 'RBAC', 'auth systems', 'APIs', 'security issues'. These cover both technical terms and common shorthand ('auth').

Has a clear niche focused specifically on authentication/authorization with distinct triggers (JWT, OAuth2, RBAC, session management). Unlikely to conflict with general coding or security skills due to the specific auth focus.

The content is lean and efficient, using bullet points without explaining concepts Claude already knows (JWT, OAuth2, RBAC). Every section serves a purpose with no padding or unnecessary context.

The instructions are entirely abstract and vague ('Define users, tenants, flows', 'Choose auth strategy', 'Design authorization model') with no concrete code, commands, or executable examples. It describes what to do conceptually but provides no copy-paste ready guidance.

Steps are listed in a logical sequence (define → choose → design → plan), but there are no validation checkpoints, no feedback loops for error recovery, and no explicit verification steps for these security-critical operations.

Clear overview structure with well-signaled one-level-deep references to implementation-playbook.md for detailed patterns. Content is appropriately split between overview and detailed resources.