CtrlK
BlogDocsLog inGet started
Tessl Logo

703-technologies-fuzzing-testing

Use when you need to add or review fuzz testing for Java APIs with CATS — including contract-driven negative testing, malformed payload validation, boundary input exploration, CI integration, reproducible failures, and local execution guidance. This should trigger for requests such as Add fuzz testing to a Java project; Use CATS for API negative testing; Review CI quality gates for API contract robustness; Improve boundary and malformed input test coverage. Part of cursor-rules-java project

67

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

70%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is a well-organized, concise overview with clear validation checkpoints and a clean one-level reference structure. Its main weaknesses are generic, non-actionable workflow prose and the failure to surface the bundled executable script and Dockerfile that would make the skill immediately actionable.

Suggestions

Replace the abstract workflow steps with concrete CATS execution guidance, or at minimum link to scripts/run-cats-fuzz.sh and assets/cats.dockerfile so the ready-made runner and image are discoverable from the body.

Tighten the workflow prose by removing the generic 'Gather scope and decide target improvements' / 'Apply technology-aligned changes' descriptions in favor of the specific actions already named in the reference.

De-duplicate the 'When to use this skill' bullet list, which repeats the same four triggers already present in the description frontmatter.

DimensionReasoningScore

Conciseness

The ~56-line body is mostly efficient and avoids explaining known concepts, but the generic workflow prose ('Identify requested outcomes, constraints, and the minimum safe set of changes'; 'Implement or refactor artifacts following the reference patterns') and a trigger list duplicated from the description could be tightened.

2 / 3

Actionability

Concrete commands are present ('./mvnw compile', './mvnw clean verify', 'cats/cats.jar'), but the core CATS execution guidance is deferred to the reference and the ready-made bundle script (run-cats-fuzz.sh) and cats.dockerfile are never referenced in the body — key actionable details are missing.

2 / 3

Workflow Clarity

A clear 4-step sequence is paired with explicit validation checkpoints and a feedback loop ('If compilation fails, stop immediately and do not proceed'; run verify after applying), matching the level-3 anchor.

3 / 3

Progressive Disclosure

The body is a clean overview with a well-signaled, one-level-deep reference (references/703-technologies-fuzzing-testing.md, which exists); content is appropriately split out of the body. The script and asset bundle files are not surfaced directly in the body but are reached via the reference.

3 / 3

Total

10

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: it specifies concrete capabilities, provides natural trigger terms, answers both what and when, and occupies a clear niche. The only weakness is the second-person 'you' phrasing in the trigger clause, which the rubric penalizes on specificity.

DimensionReasoningScore

Specificity

Lists multiple concrete actions ('contract-driven negative testing, malformed payload validation, boundary input exploration, CI integration, reproducible failures'), which is a level-3 anchor, but the trigger clause uses second person ('Use when you need to add or review fuzz testing'), which the guidelines penalize by -1 on specificity.

2 / 3

Completeness

Clearly answers both what (the capabilities list) and when ('Use when you need to add or review fuzz testing...' and 'This should trigger for requests such as...'), matching the level-3 anchor with explicit triggers.

3 / 3

Trigger Term Quality

Strong natural-term coverage — 'fuzz testing,' 'CATS,' 'Java APIs,' 'API negative testing,' plus explicit example requests ('Add fuzz testing to a Java project,' 'Use CATS for API negative testing') that users would actually say.

3 / 3

Distinctiveness Conflict Risk

Clear niche — contract-driven fuzz testing for Java APIs with CATS — with distinct, specific triggers unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
jabrena/cursor-rules-java
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.