attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
86
Quality
81%
Does it follow best practices?
Impact
98%
1.20xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured description that clearly communicates both purpose and usage triggers. The 'Use when...' clause provides explicit guidance with multiple relevant scenarios. The main weakness is that the capability description could be more specific about concrete actions beyond 'build' and 'visualize'.
Suggestions
Add more specific concrete actions to the capability portion, such as 'analyze attack vectors', 'calculate risk scores', or 'generate mitigation recommendations' to strengthen specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (attack trees, threat paths) and some actions (build, visualize, mapping, identifying), but lacks comprehensive concrete actions like specific tree construction methods, output formats, or analysis techniques. | 2 / 3 |
Completeness | Clearly answers both what ('Build comprehensive attack trees to visualize threat paths') and when ('Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms: 'attack trees', 'threat paths', 'attack scenarios', 'defense gaps', 'security risks', 'stakeholders' - these are terms security professionals would naturally use when needing this capability. | 3 / 3 |
Distinctiveness Conflict Risk | Attack trees are a specific security modeling technique distinct from general threat modeling, vulnerability scanning, or other security skills. The triggers are specific enough to avoid conflicts with broader security analysis skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is well-structured and concise, appropriately delegating detailed content to a referenced playbook. However, the core instructions lack concrete examples of attack tree notation or annotation formats, making it difficult for Claude to produce consistent outputs without consulting the external resource. Adding a minimal example would significantly improve actionability.
Suggestions
Add a brief concrete example showing AND/OR node structure and leaf annotation format (cost, skill, time, detectability)
Include a validation step such as 'Review tree for completeness: all leaf nodes should have annotations and at least one mitigation mapped'
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding unnecessary explanations of what attack trees are or basic security concepts. Every section serves a clear purpose without padding. | 3 / 3 |
Actionability | Instructions provide a clear process outline but lack concrete examples of attack tree notation, specific annotation formats, or sample AND/OR decompositions. The guidance is directional rather than executable. | 2 / 3 |
Workflow Clarity | Steps are listed in logical sequence but lack validation checkpoints. No feedback loop for verifying tree completeness or correctness before sharing with stakeholders. | 2 / 3 |
Progressive Disclosure | Clear overview structure with appropriate reference to implementation-playbook.md for detailed patterns. One-level-deep reference is well-signaled and content is appropriately split. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
5c5ae21
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.