endor-validate-policy

Validate an Endor Labs policy against a project to test if it matches any findings. Use when the user says "validate policy", "test policy", "does this policy match", "endor validate", "check policy against project", or wants to verify that a policy (finding or exception) correctly targets findings in a specific project before enforcing it. Do NOT use for creating policies (/endor-policy) or viewing findings (/endor-findings).

Quality

88%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that hits all the marks. It provides a clear, specific action, comprehensive trigger terms users would naturally use, explicit 'Use when' and 'Do NOT use' clauses, and strong differentiation from related skills. The negative boundary clauses are particularly effective for reducing conflict risk in a multi-skill environment.

Dimension	Reasoning	Score
Specificity	The description clearly states the concrete action: 'Validate an Endor Labs policy against a project to test if it matches any findings.' It specifies the domain (Endor Labs), the action (validate/test policy), and the target (findings in a specific project).	3 / 3
Completeness	Clearly answers both 'what' (validate an Endor Labs policy against a project to test if it matches findings) and 'when' (explicit 'Use when' clause with multiple trigger phrases). Additionally includes negative boundaries ('Do NOT use for...') which further clarifies when to use it.	3 / 3
Trigger Term Quality	Excellent coverage of natural trigger terms: 'validate policy', 'test policy', 'does this policy match', 'endor validate', 'check policy against project'. These are phrases users would naturally say. It also includes conceptual triggers like 'verify that a policy correctly targets findings'.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive with explicit negative boundaries distinguishing it from related skills (/endor-policy for creating policies, /endor-findings for viewing findings). The specific domain (Endor Labs) and action (validate/test policy matching) create a clear niche unlikely to conflict with other skills.	3 / 3
	Total	12 / 12 Passed

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, highly actionable skill with clear workflows and good error handling. Its main weakness is moderate verbosity from repeating SBOM guidance in multiple places and listing every command variant as a separate code block rather than using a more compact representation. The progressive disclosure could be improved by extracting the output templates or command reference into a supplementary file.

Suggestions

Consolidate the SBOM-based project guidance into a single callout/note rather than repeating it in the dedicated section, Step 1, Step 2, the no-match template, and the error table.

Consider using a compact flag table (flag | description | when to use) instead of separate code blocks for each command variant to reduce token count.

Dimension	Reasoning	Score
Conciseness	The skill is mostly efficient but includes some redundancy — the SBOM-based project guidance is repeated across the dedicated section, Step 1, Step 2 examples, the 'no match' output template, and the error handling table. The multiple command variants are useful but could be more compact (e.g., a flag table instead of separate code blocks for each combination).	2 / 3
Actionability	Every step includes fully executable, copy-paste-ready bash commands with clear placeholders. The input parsing section specifies exactly what to extract, the command variants cover all realistic scenarios, and the output templates give concrete markdown formatting to follow.	3 / 3
Workflow Clarity	The three-step workflow (resolve → validate → present) is clearly sequenced with explicit decision points (SBOM detection triggers --all-releases). The 'no match' section includes diagnostic reasoning and retry guidance, and the error handling table provides a feedback loop for common failure modes.	3 / 3
Progressive Disclosure	The skill is somewhat long with all command variants inline, and only has a single external reference (references/data-sources.md) at the very end with minimal context. The output templates and extensive command examples could potentially be split into a reference file, but the content is reasonably well-organized with clear headers.	2 / 3
	Total	10 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: endorlabs/skills-ideas
Commit: 344e7ff

Reviewed: 3 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.