remediation
**CRITICAL**: Use this skill for ALL CVE remediation workflows. DO NOT use individual skills piecemeal for end-to-end remediation. Use when users request: - CVE remediation playbooks or security patch deployment - Multi-step remediation (validation → context → playbook → execution) - Batch remediation across multiple systems or CVEs - End-to-end CVE management (analysis + remediation + verification) - Prioritizing and remediating CVEs (not just listing them) - Emergency security response with immediate remediation plans DO NOT use for simple queries: - "List critical CVEs" → Use `/cve-impact` skill - "What's the CVSS score for CVE-X?" → Use `/cve-impact` or `/cve-validation` - Standalone impact analysis without remediation → Use `/cve-impact` This skill orchestrates 6 specialized skills (cve-impact, cve-validation, system-context, playbook-generator, playbook-executor, remediation-verifier) for complete remediation workflows.
89
85%
Does it follow best practices?
Impact
95%
2.71xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its role as an orchestrator for end-to-end CVE remediation workflows. It excels in all dimensions: specific actions are enumerated, natural trigger terms are abundant, both 'what' and 'when' are explicitly addressed, and the 'DO NOT use' section with routing guidance to alternative skills is a best practice for minimizing conflict risk. The description is well-structured and actionable for skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: CVE remediation playbooks, security patch deployment, multi-step remediation (validation → context → playbook → execution), batch remediation, end-to-end CVE management, and emergency security response. Also names the 6 orchestrated sub-skills. | 3 / 3 |
Completeness | Clearly answers both 'what' (orchestrates 6 specialized skills for complete CVE remediation workflows including validation, context, playbook generation, execution, and verification) and 'when' (explicit 'Use when' clause with 6 trigger scenarios, plus a 'DO NOT use' section that further clarifies boundaries). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'CVE remediation', 'security patch deployment', 'batch remediation', 'emergency security response', 'remediation playbooks', 'prioritizing and remediating CVEs'. These are terms a security professional would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Exceptionally distinctive with explicit boundary definitions. The 'DO NOT use for' section with specific routing to alternative skills (cve-impact, cve-validation) directly addresses conflict risk and makes it very clear when this orchestration skill should be chosen over its component skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
70%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured orchestration skill with excellent workflow clarity, strong actionability through concrete invocation examples, and good progressive disclosure via external references. However, it is significantly over-verbose with extensive repetition of human-in-the-loop requirements, sequencing mandates, and invocation warnings across multiple sections, which wastes token budget and could be consolidated substantially.
Suggestions
Consolidate the human-in-the-loop requirements into a single section and reference it from workflow steps instead of repeating confirmation requirements in Steps 4-5, the dedicated section, and Important Reminders.
Remove repeated warnings about using 'actual Skill tool invocations' and 'No task found' errors—state once at the top and don't repeat in Step 0, Step 4, and Important Reminders.
Merge the 'Dependencies' section (which just re-lists skills and MCP servers already mentioned in Prerequisites and workflow steps) to eliminate redundancy.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose at ~200+ lines with significant repetition. The human-in-the-loop requirements are stated in the workflow steps AND repeated in a dedicated section. MCP tool usage caveats, sequencing mandates, and invocation warnings are repeated multiple times. Many instructions explain things Claude should already know (e.g., 'Use actual tool calls, not text'). | 1 / 3 |
Actionability | The skill provides concrete invocation strings for each step, specific expected outputs, clear gate conditions (remediatable gate with exact field names), and explicit error handling with user-facing messages. The invoke examples are copy-paste ready and the decision logic is well-specified. | 3 / 3 |
Workflow Clarity | The workflow is clearly sequenced (Steps 0-6) with explicit validation checkpoints, mandatory gates (remediatable gate at Step 2, user confirmation before Step 5), feedback loops (dry-run → review → execute), and clear error recovery paths. The sequencing constraints are explicit and the human-in-the-loop checkpoints are well-defined. | 3 / 3 |
Progressive Disclosure | The skill appropriately references external files for detailed content (remediation-plan-template.md, lightspeed-mcp-tool-failures.md, cve-remediation-templates.md) with clear one-level-deep links. The main file serves as an orchestration overview while delegating specifics to referenced documents and sub-skills. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- RHEcosystemAppEng/agentic-collections
- Commit
600eabe
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.