pivot-on-ioc
Explore GTI relationships for an IOC to discover related entities. Use to expand investigation by finding connected domains, IPs, files, or threat actors. Takes an IOC and relationship types to query.
88
86%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
85%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description that clearly articulates its purpose and when to use it. The main weakness is reliance on technical acronyms (GTI, IOC) without spelling them out, which could reduce discoverability when users phrase requests differently. The description effectively distinguishes itself from other skills through its specific threat intelligence focus.
Suggestions
Expand acronyms on first use: 'IOC (indicator of compromise)' and 'GTI (Google Threat Intelligence)' to improve trigger term coverage for users who may use full terms.
Add natural language variations like 'threat intelligence lookup', 'related indicators', or 'pivot on indicator' to capture more user query patterns.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists specific concrete actions: 'Explore GTI relationships', 'discover related entities', 'expand investigation', 'finding connected domains, IPs, files, or threat actors', and 'Takes an IOC and relationship types to query'. | 3 / 3 |
Completeness | Clearly answers both what ('Explore GTI relationships for an IOC to discover related entities') and when ('Use to expand investigation by finding connected domains, IPs, files, or threat actors') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Includes relevant terms like 'IOC', 'domains', 'IPs', 'files', 'threat actors', and 'GTI relationships', but uses technical jargon (IOC, GTI) that users may not naturally say. Missing common variations like 'indicator of compromise', 'threat intelligence', or 'related indicators'. | 2 / 3 |
Distinctiveness Conflict Risk | Clear niche focused on GTI relationship exploration for IOCs with distinct triggers around threat intelligence investigation. Unlikely to conflict with general security or data analysis skills due to specific GTI and IOC terminology. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
87%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise skill that provides clear actionable guidance for pivoting on IOCs in GTI. The use of tables for tool selection and relationship mapping is efficient. The main weakness is the lack of error handling or validation steps for when queries fail or return empty results.
Suggestions
Add a validation step after querying relationships to handle empty results or API errors (e.g., 'If no results returned, try alternative relationship types')
Include guidance on rate limiting or batching when querying multiple relationships
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is lean and efficient, using tables to compress information and avoiding unnecessary explanations. Every section serves a clear purpose without padding or explaining concepts Claude already knows. | 3 / 3 |
Actionability | Provides specific tool names, exact parameter syntax, and concrete examples with real relationship names. The workflow is copy-paste ready with clear tool selection logic and parameter mapping. | 3 / 3 |
Workflow Clarity | Steps are clearly sequenced (select tool → query relationships → store results), but lacks validation checkpoints or error handling guidance. No feedback loop for failed queries or rate limiting considerations. | 2 / 3 |
Progressive Disclosure | For a skill of this scope (~60 lines), the content is well-organized with clear sections. Tables efficiently present reference information, and the structure allows quick scanning without needing external files. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- dandye/ai-runbooks
- Commit
4d132c7
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.