attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
69
62%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-attack-tree-construction/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured description with a clear 'Use when...' clause, strong trigger terms, and a distinct niche. Its main weakness is that the capability description could be more specific about the concrete actions performed (e.g., types of analysis, output formats, methodologies supported). Overall it is a solid description that would perform well in skill selection.
Suggestions
Add more specific concrete actions to boost specificity, e.g., 'Build comprehensive attack trees with threat actor enumeration, likelihood scoring, and mitigation mapping to visualize threat paths.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | It names the domain (attack trees, threat paths) and a few actions (build, visualize, map, identify, communicate), but doesn't list specific concrete sub-actions like 'enumerate threat actors, calculate risk scores, generate STRIDE-based trees, export to diagram formats.' The actions remain somewhat high-level. | 2 / 3 |
Completeness | Clearly answers both 'what' (build comprehensive attack trees to visualize threat paths) and 'when' (Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders) with an explicit 'Use when...' clause. | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms users would say: 'attack trees', 'threat paths', 'attack scenarios', 'defense gaps', 'security risks', 'stakeholders'. These cover the main ways a user would phrase requests in this domain. | 3 / 3 |
Distinctiveness Conflict Risk | Attack trees are a very specific security analysis technique, making this clearly distinguishable from general security skills, threat modeling skills, or risk assessment skills. The trigger terms like 'attack trees' and 'threat paths' are niche and unlikely to conflict. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
35%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a high-level outline for attack tree construction but lacks the concrete, actionable guidance needed to be useful. There are no examples of attack trees, no output format specifications, and no sample annotations. The referenced implementation playbook is missing from the bundle, leaving the skill as an abstract description rather than executable instruction.
Suggestions
Add a concrete example showing a complete small attack tree with AND/OR nodes, leaf annotations (cost, skill, time, detectability), and the expected output format (e.g., Mermaid diagram, markdown outline, or structured JSON).
Include at least one worked example showing the full workflow from root goal to prioritized paths with mitigations, so Claude knows exactly what the output should look like.
Add validation checkpoints to the workflow, such as 'Verify all leaf nodes have annotations before proceeding to mitigation mapping' and 'Review tree completeness by checking each branch terminates in a concrete, testable action.'
Provide the referenced `resources/implementation-playbook.md` bundle file, or inline the essential templates and patterns if the file cannot be included.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is relatively brief but includes some unnecessary sections like 'Do not use this skill when' and 'Limitations' that largely restate obvious constraints Claude already understands. The safety and limitations sections are somewhat boilerplate. | 2 / 3 |
Actionability | The instructions are vague and abstract — 'Decompose into sub-goals with AND/OR structure' and 'Annotate leaves with cost, skill, time, and detectability' provide no concrete examples, no output format, no sample attack tree, and no executable steps. It describes rather than instructs. | 1 / 3 |
Workflow Clarity | There is a rough sequence (confirm scope → decompose → annotate → map mitigations → prioritize), but no validation checkpoints, no feedback loops, and no concrete criteria for when a step is complete. For a multi-step analytical process, the lack of verification or iteration guidance is a gap. | 2 / 3 |
Progressive Disclosure | The skill references `resources/implementation-playbook.md` for detailed patterns and templates, which is good progressive disclosure structure. However, no bundle files were provided, so the referenced resource doesn't actually exist, making the reference a dead link. The main content itself is thin enough that it's unclear what value the reference adds. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
431bfad
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.