CtrlK
BlogDocsLog inGet started
Tessl Logo

hipaa-compliance-auditor

Clinical-grade PII/PHI detection and de-identification for healthcare text data. Scans all 18 HIPAA identifier categories with confidence scoring, generates audit logs, supports custom regex patterns, and produces de-identified output while preserving document structure.

60

Quality

72%

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./scientific-skills/Academic Writing/hipaa-compliance-auditor/SKILL.md
SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with executable commands, a clear validated workflow, and concrete examples, but it is padded with generic boilerplate sections and has minor reference-path inaccuracies. Trimming boilerplate and fixing cited paths would improve both conciseness and progressive disclosure.

Suggestions

Remove the generic Output Requirements / Response Template / Input Validation boilerplate that is unrelated to HIPAA auditing, or move it to a separate reference file, to tighten the token budget.

Fix the mismatched reference path (hipaa_safe_harbor_guide.pdf -> hipaa_safe_harbor_guide.md) and either add the missing references/test_cases/ directory or remove that reference.

De-duplicate the repeated CLI examples across Quick Check, Audit-Ready Commands, and Usage into a single canonical command block.

DimensionReasoningScore

Conciseness

The body is efficient in its core command/API sections but padded with generic boilerplate (Output Requirements, Response Template, Error Handling, Input Validation) and repeated command examples across Quick Check, Audit-Ready, and Usage, so it is mostly efficient but could be tightened rather than fully lean.

2 / 3

Actionability

Provides executable commands (py_compile, full CLI with real flags), a runnable Python API example, a concrete parameters table, and a complete output JSON schema — copy-paste ready with specific examples.

3 / 3

Workflow Clarity

A clear five-step sequence with an explicit Checkpoint 1, plus feedback/fallback loops (missing-input request, spaCy model install-and-retry, increase custom patterns if PII remains), matching the score-3 anchor of explicit validation steps and error-recovery loops.

3 / 3

Progressive Disclosure

A References section signals real bundle files one level deep, but one cited path mismatches the bundle (hipaa_safe_harbor_guide.pdf vs. the actual .md) and test_cases/ is referenced but absent, and substantial inline content (full identifier list, output format) could be split out, so structure is present but imperfect.

2 / 3

Total

10

/

12

Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific and distinctive, naming several concrete capabilities, but it omits an explicit "Use when..." trigger clause and leans on technical phrasing for triggers. Adding natural-language usage triggers would raise completeness and trigger-term quality.

Suggestions

Append an explicit 'Use when...' clause naming natural triggers, e.g. 'Use when de-identifying clinical notes, preparing healthcare text for research, or when the user mentions HIPAA, PHI, or PII redaction.'

Soften jargon by adding common user phrases (e.g. 'redact patient data', 'remove names and SSNs from medical records') alongside the technical term list.

DimensionReasoningScore

Specificity

Lists multiple concrete actions — "Scans all 18 HIPAA identifier categories", "generates audit logs", "supports custom regex patterns", and "produces de-identified output while preserving document structure" — matching the score-3 anchor of several specific concrete actions.

3 / 3

Completeness

It clearly answers "what does this do" with detailed capabilities, but there is no explicit "Use when..." clause, so per the guidelines completeness is capped at 2.

2 / 3

Trigger Term Quality

Contains relevant terms (PII/PHI detection, de-identification, HIPAA, healthcare text) but leans on technical jargon like "18 HIPAA identifier categories" and omits common user-natural variations, so it is not a full score-3 coverage of natural terms.

2 / 3

Distinctiveness Conflict Risk

The HIPAA healthcare PII/PHI niche with domain-specific triggers is clearly distinguishable and unlikely to fire for unrelated skills, matching the score-3 anchor of a clear niche with distinct triggers.

3 / 3

Total

10

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

referenced_paths_exist

Referenced path issues: 2 missing

Warning

Total

14

/

16

Passed

Repository
aipoch/medical-research-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.