
cve-impact

**CRITICAL**: Use for ALL CVE discovery and listing. DO NOT call get_cves directly. Use when: "show critical CVEs", "CVEs on hostname X", "remediatable vulnerabilities", "impact of CVE-X", risk assessment. NOT for remediation (use `/remediation`). System-level: FIRST reply = pagination prompt (Step -1). Parsing: references/01-cve-response-parser.py.

Quality: 68 (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Advisory (Suggest reviewing before use)


Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable, well-gated workflow body weakened by significant duplication and by broken 'Document Consultation' references to docs/ files that are absent from the bundle. Consolidating the repeated HITL/validator/tool content and fixing or removing the dead references would materially raise quality.

Suggestions

De-duplicate the HITL pagination prompt (currently repeated in Step -1 and the post-Step-1 'CRITICAL' section) and the MCP tool/validator lists (Prerequisites, Dependencies, Tools Reference) into single authoritative locations.

Fix the broken 'Document Consultation (REQUIRED)' references — docs/references/cvss-scoring.md, docs/insights/insights-api.md, docs/insights/fleet-management.md, docs/insights/vulnerability-logic.md, docs/references/skill-invocation.md, and ../mcp-lightspeed-validator/SKILL.md do not exist in the bundle; either add the files or remove/redirect the instructions.

Move the inline CVE-metadata and affected-systems output templates (Steps 2-5) into references/03-output-templates.md and reference them, instead of duplicating the templates inline.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The body is operational and avoids explaining concepts Claude already knows, but repeats the same HITL pagination prompt nearly verbatim three times, restates validator instructions three times, and lists the MCP tools three times (Prerequisites, Dependencies, Tools Reference) — material that should be de-duplicated. | 2 / 3 |
| Actionability | Provides copy-paste-ready HITL prompts, concrete MCP tool names with exact parameters, and executable parser commands with real filter env vars (FILTER_REMEDIATABLE=1, OUTPUT=report) — fully actionable guidance. | 3 / 3 |
| Workflow Clarity | Steps -1 through 7 are clearly sequenced with an explicit mandatory HITL gate, MCP validation with PASS/PARTIAL/FAILED feedback loops, and stated anti-patterns; the batch pagination operation has a validation checkpoint, avoiding the batch-operation cap. | 3 / 3 |
| Progressive Disclosure | Existing references/ files are well-signaled one level deep via the Reference Files table and flows/, but six docs/ paths marked 'Document Consultation (REQUIRED)' (e.g. docs/references/cvss-scoring.md, docs/insights/insights-api.md) and ../mcp-lightspeed-validator/SKILL.md are broken (verified missing from the bundle), and output templates are duplicated inline rather than delegated. | 2 / 3 |

Total: 10 / 12 (Passed)

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, trigger-rich description with explicit what/when guidance and good distinctiveness. The main weakness is directive/imperative voice in the capability clause rather than clean third-person phrasing.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names concrete capabilities ('CVE Discovery and listing', 'Parsing: references/01-cve-response-parser.py', 'risk assessment') but phrases them as directives ('Use for ALL CVE Discovery', 'DO NOT call get_cves directly') rather than third-person capability voice, triggering the rubric's -1 voice penalty. | 2 / 3 |
| Completeness | Explicitly answers what (CVE discovery/listing/parsing) and when (a concrete 'Use when' trigger list), plus a negative trigger ('NOT for remediation (use /remediation)'), satisfying both halves with explicit guidance. | 3 / 3 |
| Trigger Term Quality | The 'Use when' clause lists natural SRE phrasings — 'show critical CVEs', 'CVEs on hostname X', 'remediatable vulnerabilities', 'impact of CVE-X' — covering common variations a user would actually say. | 3 / 3 |
| Distinctiveness Conflict Risk | The explicit 'NOT for remediation (use /remediation)' disambiguation plus CVE-specific triggers carve a clear niche unlikely to fire for the wrong skill. | 3 / 3 |

Total: 11 / 12 (Passed)

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 13 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| relative_links | Relative link issues: 14 missing, 17 deeper-than-1-level, 2 suspicious | Warning |
| referenced_paths_exist | Referenced path issues: 3 deeper-than-1-level | Warning |

Total: 13 / 16 (Passed)

Repository
RHEcosystemAppEng/agentic-collections
Reviewed
