It names the domain ('Endor Labs commands') and describes the general action ('quick reference'), but does not list specific concrete actions or capabilities beyond 'security scanning capabilities'.

Clearly answers both 'what' (quick reference for all available Endor Labs commands) and 'when' (explicit 'Use when' clause with multiple trigger phrases, plus a 'Do NOT use when' clause for disambiguation).

Includes multiple natural trigger phrases users would actually say: 'endor help', 'what commands are available', 'endor usage', 'what can endor do', and 'discover available security scanning capabilities'. Also includes a helpful negative trigger to avoid conflicts.

The explicit 'Do NOT use when the user already knows which specific command they want — route to that skill directly' clause clearly distinguishes this as a discovery/help skill versus specific command skills, minimizing conflict risk.

The content is lean and efficient — it's a pure reference table with no unnecessary explanations of what security scanning is or how CLI tools work. Every token serves the purpose of command discovery.

Provides concrete, copy-paste ready commands with clear descriptions. The 'Quick Examples' section shows exact usage patterns with arguments, making it immediately actionable for users.

For a reference/discovery skill, the workflow is simply 'present this to the user.' The commands are logically grouped by category (Getting Started → Scanning → Analysis → Findings → Compliance → Advanced), and the Tips section provides clear guidance on when to use which command. This is a single-task skill where the action is unambiguous.

The content is well-organized with clear categorical sections, but it's entirely self-contained with no references to deeper documentation for individual commands. The final line mentions providing detailed usage for specific commands but doesn't point to where those details live (e.g., linking to individual skill files).