cx-incident-management
Use this skill when the user asks to "investigate incident", "triage this alert", "what's firing", "who got paged", "incident response", "check incident status", "SLO breaching", "error budget burned", "check service level", "SLI status", "who was notified", "check notification delivery", "verify alert routing", "MTTR", "incident severity", "error budget", "burn rate", "acknowledge incident", "resolve incident", "production incident", "what alerts are active", "incident timeline", "on-call triage", or wants to triage, manage, or respond to incidents using alerts, SLOs, and notifications.
63
55%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/cx-incident-management/SKILL.mdQuality
Discovery
37%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a long list of trigger phrases with no explanation of what the skill actually does. While the trigger term coverage is excellent and comprehensive, the complete absence of capability descriptions (concrete actions, tools used, outputs produced) makes it very weak as a skill description. It tells Claude when to use the skill but not what the skill will do.
Suggestions
Add a clear 'what it does' section before the trigger terms, listing specific concrete actions (e.g., 'Queries monitoring systems for active alerts, checks SLO compliance and error budget burn rates, retrieves on-call schedules and notification delivery status, and manages incident lifecycle from acknowledgment to resolution.').
Restructure to lead with capabilities and follow with a concise 'Use when...' clause — the current 24+ quoted trigger phrases could be condensed to key categories (e.g., 'Use when the user asks about incident triage, SLO/error budget status, alert routing, or on-call management').
Rewrite in third person voice describing the skill's actions (e.g., 'Triages production incidents by checking active alerts, SLO status, and notification delivery') rather than the current format which is purely a trigger-phrase list.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description lists no concrete actions or capabilities. It only provides trigger phrases and a vague closing clause ('triage, manage, or respond to incidents using alerts, SLOs, and notifications') but never describes what the skill actually does — no specific operations, tools, or outputs are mentioned. | 1 / 3 |
Completeness | While the 'when' is thoroughly covered with explicit trigger phrases, the 'what does this do' is essentially missing. The description never explains what concrete actions or capabilities the skill provides. Having only one half addressed, and the missing half being the core capability description, caps this at 1. | 1 / 3 |
Trigger Term Quality | The description provides extensive coverage of natural trigger terms users would say, including 'investigate incident', 'what's firing', 'who got paged', 'SLO breaching', 'error budget burned', 'MTTR', 'what alerts are active', and many more variations. These are realistic phrases a user would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | The incident response / SLO / alerting domain is fairly specific and the many trigger terms help narrow the niche. However, without describing what the skill actually does (e.g., query a specific monitoring platform, create incident reports, etc.), it could overlap with other incident-related skills. | 2 / 3 |
Total | 7 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid incident management skill with excellent actionability—every section provides concrete, executable CLI commands with useful jq filters. The structure and progressive disclosure are well done, with clear cross-references to related skills. The main weaknesses are some verbosity in explanatory text that Claude doesn't need, and the absence of validation/error-handling checkpoints in the triage workflow, which is important for incident response operations.
Suggestions
Add validation checkpoints to the triage workflow (e.g., 'If no TRIGGERED incidents found, check if alerts are firing to detect missed incident creation' or 'If notification test fails, verify connector credentials before checking routing').
Remove filler sentences like 'Get an overview of what's happening' and 'Review the incident timeline and related events to understand scope and progression'—the commands and section headers already convey intent.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Generally efficient with good use of tables and code blocks, but includes some unnecessary filler phrases ('Get an overview of what's happening', 'Review the incident timeline and related events to understand scope and progression') and the Key Principles section restates things Claude would naturally do. Could be tightened by ~20%. | 2 / 3 |
Actionability | Provides fully executable CLI commands with flags, jq filters for structured output, and concrete examples for every operation including incident actions, SLO management, and notification debugging. Commands are copy-paste ready. | 3 / 3 |
Workflow Clarity | The 6-step triage workflow is clearly sequenced and logical, but lacks explicit validation checkpoints or feedback loops. There's no guidance on what to do if a step fails (e.g., if incidents list returns empty, if SLO data looks stale, if notification test fails). For incident management—a high-stakes operational domain—this is a gap. | 2 / 3 |
Progressive Disclosure | Well-structured with clear sections progressing from CLI overview → triage workflow → specific actions → SLO management → notification debugging. Cross-references to related skills (cx-alerts, cx-telemetry-querying, cx-observability-setup) are clearly signaled and one level deep. Content is appropriately organized for a standalone skill with no bundle. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- coralogix/cx-cli
- Commit
defdc4d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.