CtrlK
BlogDocsLog inGet started
Tessl Logo

common-security-standards

Enforce universal security protocols for safe, resilient software. Use when implementing authentication, encryption, authorization, input validation, secret management, or any security-sensitive feature across any language or framework.

61

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is a concise, well-organized set of security rules with named standards and tools, but its workflow lacks an explicit error-recovery feedback loop, its main body has no executable code, and one reference chain nests two levels deep.

Suggestions

Add an explicit feedback loop to the Workflow, e.g. 'If SAST/DAST fails: fix findings, re-run scanners, and only merge when clean' to lift workflow_clarity.

Inline one short executable snippet (e.g., a parameterized-query example) in the Secure Coding section rather than only deferring code to references, improving actionability.

Inline the VULNERABILITY_REMEDIATION.md content into INJECTION_TESTING.md (or link it directly from SKILL.md only) to eliminate the 2-level reference chain.

DimensionReasoningScore

Conciseness

The body is lean bullet-style rules that assume Claude's competence (e.g., "AES-256 for data-at-rest; TLS 1.3 for data-in-transit") without re-explaining concepts Claude already knows; minor duplication of zero-trust/injection guidance does not undermine overall token efficiency.

3 / 3

Actionability

It gives concrete directives and named tools ("npm audit", "pip audit", AES-256/TLS 1.3) but defers executable code to references, and several steps remain abstract ("Apply least privilege", "Validate and sanitize all external input"), so it is incomplete rather than copy-paste ready.

2 / 3

Workflow Clarity

The numbered Workflow has a terminal verify step ("Verify with SAST/DAST scanners in CI before merge") but lacks an explicit fix-and-retry feedback loop for scanner failures, which the rubric requires for a level-3 score on security-sensitive work.

2 / 3

Progressive Disclosure

SKILL.md cleanly signals three one-level references, but INJECTION_TESTING.md itself defers to VULNERABILITY_REMEDIATION.md, creating a 2-level reference chain that the rubric treats as nested navigation.

2 / 3

Total

9

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description clearly answers both what the skill does and when to use it, with natural trigger terms covering the main security domains. Its main weakness is the abstract action verb and an overly broad scope that raises overlap risk with other skills.

DimensionReasoningScore

Specificity

The verb "Enforce universal security protocols" is abstract, and the description lists security domains (authentication, encryption, etc.) rather than multiple distinct concrete actions, matching the 'names domain and some actions' anchor rather than the level-3 list of specific actions.

2 / 3

Completeness

It explicitly states what it does ("Enforce universal security protocols for safe, resilient software") and when to use it ("Use when implementing authentication, encryption..."), satisfying both what and when with an explicit trigger clause.

3 / 3

Trigger Term Quality

Terms like "authentication, encryption, authorization, input validation, secret management" are natural phrases a user would say when requesting this skill, giving good coverage of common variations.

3 / 3

Distinctiveness Conflict Risk

The scope "any security-sensitive feature across any language or framework" is broad and could overlap with language- or framework-specific security skills, so it is only somewhat distinctive rather than a clear non-conflicting niche.

2 / 3

Total

10

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

metadata_version

'metadata.version' is missing

Warning

metadata_field

'metadata' should map string keys to string values

Warning

Total

14

/

16

Passed

Repository
HoangNguyen0403/agent-skills-standard
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.