Lists multiple concrete actions: display findings, filter by severity, reachability, category (vuln/sast/secrets/license). Also explicitly states what it does NOT do (running scans, explaining CVEs), which adds specificity.

Clearly answers both 'what' (display and filter security findings from Endor Labs with specific filter dimensions) and 'when' (explicit 'Use when' clause with multiple trigger phrases). Also includes negative boundaries ('Do NOT use for...') which further clarifies scope.

Excellent coverage of natural trigger phrases: 'show findings', 'list vulnerabilities', 'what did the scan find', 'endor findings', 'show me critical reachable vulns', plus domain terms like severity, reachability, and category types.

Highly distinctive with explicit negative boundaries referencing other skills (/endor-scan, /endor-explain), clear niche of browsing/filtering findings, and specific product name (Endor Labs). Very unlikely to conflict with other skills.

Every section is lean and purposeful. The filter reference table is compact, the workflow steps are minimal, and there's no explanation of concepts Claude already knows. No wasted tokens.

Provides concrete API filter strings, exact CLI commands, a complete output template with markdown table format, and specific next-step commands. The filter mapping table is directly executable guidance.

Clear 3-step sequence (Query → Interpret → Present) with multiple options for querying. Priority ordering is explicit, error handling covers key failure modes with specific recovery actions, and the default filter behavior is clearly stated.

References to external files (references/cli-parsing.md, references/reachability-tags.md, references/data-sources.md) are well-signaled and one level deep, but no bundle files were provided, so we cannot verify these references actually exist. The main content is well-structured with appropriate inline detail.