attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
84
81%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description with a clear 'Use when...' clause, good trigger terms from the security domain, and a distinct niche around attack trees. Its main weakness is that the specific capabilities could be more granular—listing concrete actions like node annotation, probability scoring, or export formats would strengthen the specificity dimension.
Suggestions
Add more specific concrete actions beyond 'build attack trees', such as 'annotate nodes with likelihood and impact scores, identify critical paths, suggest mitigations, export tree diagrams'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | It names the domain (attack trees, threat paths) and a primary action (build comprehensive attack trees), but doesn't list multiple specific concrete actions like 'enumerate threat actors, rank risk severity, generate mitigation recommendations.' The additional phrases 'mapping attack scenarios, identifying defense gaps, communicating security risks' are more use-case contexts than distinct concrete capabilities. | 2 / 3 |
Completeness | Clearly answers both 'what' (build comprehensive attack trees to visualize threat paths) and 'when' (use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders) with an explicit 'Use when...' clause. | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords a user would say: 'attack trees', 'threat paths', 'attack scenarios', 'defense gaps', 'security risks', 'stakeholders'. These cover the primary terms someone working in threat modeling would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Attack trees are a very specific security analysis technique, making this clearly distinguishable from general security skills, threat modeling skills, or risk assessment skills. The focus on 'attack trees' specifically creates a clear niche. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill is well-structured and concise, appropriately delegating detail to a referenced playbook. Its main weakness is limited actionability—the instructions are procedural but abstract, lacking concrete examples of attack tree notation, annotation formats, or sample outputs that would make the guidance immediately executable. Adding a brief inline example and a validation checkpoint would significantly strengthen it.
Suggestions
Add a brief concrete example showing a small attack tree (e.g., a 3-4 node tree with AND/OR gates and leaf annotations for cost/skill/time/detectability) so Claude knows the expected output format.
Include an explicit validation/review step in the workflow, such as 'Review the completed tree against the defined scope to ensure all critical paths are covered and annotations are consistent.'
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is lean and efficient. It avoids explaining what attack trees are or how security assessments work—concepts Claude already knows. Every section earns its place with no padding. | 3 / 3 |
Actionability | The instructions provide a clear sequence of steps but remain at a fairly abstract level—no concrete examples of attack tree notation, no sample tree structure, no specific annotation format. The guidance describes what to do rather than showing exactly how. | 2 / 3 |
Workflow Clarity | Steps are listed in a logical sequence (confirm scope → decompose → annotate → map mitigations → prioritize), but there are no explicit validation checkpoints or feedback loops. For a process that could produce incomplete or incorrect threat models, a review/validation step is missing. | 2 / 3 |
Progressive Disclosure | The skill provides a concise overview and clearly signals a single one-level-deep reference to `resources/implementation-playbook.md` for detailed patterns, templates, and examples. Navigation is straightforward. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
f1697b6
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.