dangerous-actions
Rosetta CRITICAL MUST skill. MUST activate when action or its consequence is potentially dangerous, potentially irreversible, potentially destructive, or HIGH RISK. MUST activate when consequence MAYBE dangerous even if action itself seems safe. This is enterprise environment — the cost of dangerous activities is EXTREMELY HIGH, recovery may be impossible, and blast radius may affect production, shared environments, or other teams.
44
45%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./instructions/r2/core/skills/dangerous-actions/SKILL.mdQuality
Discovery
17%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description reads as an internal safety policy declaration rather than a skill description. It heavily emphasizes urgency and risk language ('MUST', 'CRITICAL', 'EXTREMELY HIGH') but fails to describe what the skill actually does, what concrete actions it covers, or what its output looks like. The lack of specific trigger terms and concrete capabilities makes it both hard to distinguish from other skills and unlikely to be selected appropriately.
Suggestions
Add concrete actions the skill performs, e.g., 'Intercepts and requires explicit confirmation before executing destructive commands such as rm -rf, DROP TABLE, force push, production deployments, or permission changes.'
Replace abstract risk language with specific trigger terms users would naturally encounter, e.g., 'delete', 'drop', 'destroy', 'overwrite', 'deploy to prod', 'chmod', 'force push', 'truncate'.
Add a clear 'Use when...' clause that specifies observable triggers rather than subjective risk assessments, e.g., 'Use when the user requests file deletion, database modifications, production deployments, infrastructure changes, or any command that cannot be easily undone.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description uses entirely abstract language like 'potentially dangerous', 'potentially irreversible', 'HIGH RISK' without listing any concrete actions the skill performs. There are no specific capabilities described — no verbs like 'blocks', 'warns', 'requires confirmation', etc. | 1 / 3 |
Completeness | The 'when' is addressed extensively (dangerous, irreversible, destructive actions), but the 'what' — what the skill actually does when activated — is completely missing. There is no explanation of the skill's output or behavior (e.g., does it block the action, prompt for confirmation, log it?). | 2 / 3 |
Trigger Term Quality | The description lacks natural keywords a user would say. Terms like 'dangerous', 'irreversible', 'destructive', 'HIGH RISK' are internal safety jargon, not user-facing trigger terms. Users would say things like 'delete database', 'drop table', 'rm -rf', 'deploy to production' — none of which appear here. | 1 / 3 |
Distinctiveness Conflict Risk | The description is extremely broad — 'potentially dangerous' or 'MAYBE dangerous' could apply to virtually any operation in an enterprise environment. This would likely conflict with or trigger alongside many other skills, as almost any action could be interpreted as having some risk. | 1 / 3 |
Total | 5 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a concise, well-structured safety guardrail skill that effectively communicates the core principle: stop, think, get approval before dangerous actions. Its main weakness is that the actionability could be stronger — it tells Claude what to do conceptually but doesn't provide concrete templates for blast radius assessment or user approval prompts. The workflow also lacks an explicit feedback loop for denied approvals or uncertain risk assessments.
Suggestions
Add a concrete example of how to present a blast radius assessment and approval request to the user (e.g., a template message format showing risk level, affected systems, and explicit approval prompt).
Add a feedback loop step: what to do if the user denies approval or if blast radius is uncertain (e.g., 'If uncertain, default to treating as dangerous and request clarification').
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Very lean and efficient. Every line serves a purpose — no unnecessary explanations of what dangerous actions are or why they matter. The XML-style tags add minimal overhead and provide clear structure. The examples are terse but illustrative. | 3 / 3 |
Actionability | The 4-step process is concrete and the examples list is helpful, but the guidance remains somewhat abstract — there are no specific commands, scripts, or templates for how to assess blast radius, how to present approval requests to users, or what a safer alternative looks like in practice. | 2 / 3 |
Workflow Clarity | The numbered steps provide a clear sequence, and the exceptions section is well-placed. However, there's no explicit validation checkpoint or feedback loop — e.g., what happens if the user denies approval, or how to verify blast radius assessment is complete before proceeding. For a skill governing destructive/irreversible operations, the absence of a verify-then-proceed gate caps this at 2. | 2 / 3 |
Progressive Disclosure | For a simple, short skill (~25 lines) with no need for external references, the content is well-organized into process, examples, exceptions, and pitfalls sections. The structure is clear and navigable without requiring additional files. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- griddynamics/rosetta
- Commit
0f3002b
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.