attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
84
Quality
81%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description with strong completeness and distinctiveness. It includes an explicit 'Use when...' clause with relevant trigger scenarios. The main weakness is that the capabilities could be more specific about what concrete actions the skill performs beyond 'build' and 'visualize'.
Suggestions
Add more specific concrete actions such as 'enumerate attack vectors', 'calculate risk scores', 'generate visual diagrams', or 'prioritize mitigation strategies' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (attack trees, threat paths) and some actions (build, visualize, mapping, identifying), but lacks comprehensive concrete actions like specific tree construction methods, output formats, or analysis techniques. | 2 / 3 |
Completeness | Clearly answers both what ('Build comprehensive attack trees to visualize threat paths') and when ('Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms: 'attack trees', 'threat paths', 'attack scenarios', 'defense gaps', 'security risks', 'stakeholders' - these are terms security professionals would naturally use when needing this capability. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on attack trees - distinct from general security analysis, threat modeling, or vulnerability assessment skills. The specific mention of 'attack trees' and 'threat paths' creates a well-defined scope. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is well-structured and appropriately concise, respecting Claude's intelligence. However, it lacks concrete examples of attack tree notation, sample decompositions, or specific annotation formats that would make it immediately actionable. The workflow would benefit from explicit validation steps before sharing trees with stakeholders.
Suggestions
Add a concrete example showing a simple attack tree with AND/OR notation and leaf annotations (cost, skill, time, detectability)
Include a sample annotation format or template for leaf node attributes
Add a validation checkpoint before sharing (e.g., 'Verify all paths terminate in actionable leaves' or 'Review with security lead before distribution')
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding unnecessary explanations of what attack trees are or basic security concepts. Every section serves a clear purpose without padding. | 3 / 3 |
Actionability | Instructions provide a clear process outline but lack concrete examples of attack tree notation, specific annotation formats, or sample decompositions. The guidance is directional rather than executable. | 2 / 3 |
Workflow Clarity | Steps are listed in logical sequence but lack validation checkpoints. No feedback loop for verifying tree completeness or correctness before sharing with stakeholders. | 2 / 3 |
Progressive Disclosure | Clean structure with overview content in SKILL.md and clear reference to implementation-playbook.md for detailed patterns. One-level-deep reference is well-signaled. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- duclm1x1/Dive-Ai
- Commit
20ba150
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.