endor-upgrade-impact
Analyze the impact of upgrading a dependency before you do it. Use when the user says "should I upgrade lodash", "what breaks if I update express", "upgrade impact", "endor upgrade", "breaking changes from upgrading", or wants to find the safest version that fixes vulnerabilities. Uses pre-computed Endor Labs data — no scanning required. Do NOT use for just checking vulnerabilities (/endor-check) or applying a fix (/endor-fix).
77
96%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that covers all key dimensions thoroughly. It provides specific actions, natural trigger phrases users would actually say, explicit 'Use when' and 'Do NOT use' clauses, and clear differentiation from related skills. The inclusion of negative triggers to prevent conflicts with sibling skills (/endor-check, /endor-fix) is particularly well done.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists concrete actions: analyze upgrade impact, find safest version that fixes vulnerabilities, uses pre-computed Endor Labs data. Also specifies what it does NOT do (checking vulnerabilities, applying fixes), which adds clarity. | 3 / 3 |
Completeness | Clearly answers both 'what' (analyze dependency upgrade impact, find safest version fixing vulnerabilities) and 'when' (explicit 'Use when' clause with multiple trigger phrases, plus explicit 'Do NOT use' guidance for disambiguation). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger phrases: 'should I upgrade lodash', 'what breaks if I update express', 'upgrade impact', 'endor upgrade', 'breaking changes from upgrading'. These are realistic phrases users would actually say. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with explicit boundary-setting via 'Do NOT use for just checking vulnerabilities (/endor-check) or applying a fix (/endor-fix)', which directly prevents conflicts with sibling skills. The niche of pre-upgrade impact analysis is clearly carved out. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
92%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-crafted skill with excellent actionability and workflow clarity. The commands are specific and executable with proper filters and field masks, the workflow has clear sequencing with conditional steps and stop conditions, and the error handling table covers key failure scenarios. The only minor weakness is that referenced files cannot be verified since no bundle was provided, though the references themselves are well-signaled.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient. It avoids explaining what Endor Labs is, what dependencies are, or how upgrades work conceptually. Every section serves a direct purpose with concrete commands and output templates. No unnecessary padding. | 3 / 3 |
Actionability | Provides fully executable bash commands with specific flags, filters, and field masks. The output template is copy-paste ready with a clear markdown table format. Both CLI and MCP tool alternatives are given for Step 1. | 3 / 3 |
Workflow Clarity | Clear 4-step sequence with logical progression: find project → get recommendations → present results → deep-dive on request. Includes explicit stop condition ('If not found, inform the user and stop'), conditional logic for Step 4 (on request only), and an error handling table covering common failure modes. | 3 / 3 |
Progressive Disclosure | References to `references/install-commands.md`, `references/data-sources.md`, and `endor-safety.md` are well-signaled and one level deep. However, no bundle files were provided, so we cannot verify these references exist. The Step 4 CIA details are appropriately deferred ('on request only'), which is good progressive disclosure within the document itself. Some inline content (like the full output template) could arguably be in a reference file but is reasonable given the skill's scope. | 2 / 3 |
Total | 11 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- endorlabs/skills-ideas
- Commit
b958adc
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.