
assisting-with-soc2-audit-preparation

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill assisting-with-soc2-audit-preparation

This skill assists with SOC2 audit preparation by automating tasks related to evidence gathering and documentation. It leverages the soc2-audit-helper plugin to generate reports, identify potential compliance gaps, and suggest remediation steps. Use this skill when the user requests help with "SOC2 audit", "compliance check", "security controls", "audit preparation", or "evidence gathering" related to SOC2. It streamlines the initial stages of SOC2 compliance, focusing on automated data collection and preliminary analysis.

Overall: 51%


Validation: 81%

| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |

Total: 13 / 16 (Passed)

Implementation: 7%

This skill content is largely descriptive rather than instructive, explaining what the skill does conceptually without providing actionable guidance. It lacks concrete plugin invocation syntax, parameter specifications, output format examples, and validation steps. The content would benefit from executable examples and specific commands rather than abstract descriptions of behavior.

Suggestions

- Add concrete plugin invocation syntax showing exact commands/parameters (e.g., `soc2-audit-helper --environment aws --scope security-controls`)
- Include an example of actual plugin output format (JSON schema or sample report structure) so Claude knows what to expect and how to interpret results
- Remove the 'How It Works' and 'When to Use This Skill' sections - this information is redundant with the skill description and wastes tokens
- Add validation/error handling guidance: what to do if the plugin fails, how to verify report completeness, and how to handle partial results

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what SOC2 is, general workflow descriptions). Sections like 'How It Works' and 'When to Use This Skill' add little actionable value and repeat information from the description. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance provided. Examples describe what 'the skill will do' abstractly rather than showing actual plugin invocation syntax, parameters, or expected output formats. | 1 / 3 |
| Workflow Clarity | The workflow is vague ('invoke the plugin', 'generate a report') with no specific steps, validation checkpoints, or error handling. No guidance on what to do if the plugin fails or returns unexpected results. | 1 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline with no references to external documentation. The 'Integration' section hints at broader context but provides no links or concrete guidance. | 2 / 3 |

Total: 5 / 12 (Passed)

Activation: 90%

This is a well-structured skill description that excels at completeness and trigger term quality with an explicit 'Use this skill when...' clause containing natural user phrases. The main weakness is that the specific capabilities could be more concrete - terms like 'generate reports' and 'identify gaps' are somewhat generic. The description correctly uses third person voice throughout.

Suggestions

- Make capabilities more concrete by specifying what types of reports are generated (e.g., 'generates control matrices, evidence checklists, and gap analysis reports')
- Add specific examples of security controls or compliance areas covered to increase specificity

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (SOC2 audit preparation) and lists some actions (generate reports, identify compliance gaps, suggest remediation steps), but actions remain somewhat general rather than highly concrete and comprehensive. | 2 / 3 |
| Completeness | Clearly answers both what (automating evidence gathering, generating reports, identifying gaps, suggesting remediation) AND when (explicit 'Use this skill when...' clause with specific trigger phrases). | 3 / 3 |
| Trigger Term Quality | Explicitly lists natural trigger terms users would say: 'SOC2 audit', 'compliance check', 'security controls', 'audit preparation', 'evidence gathering'. Good coverage of variations users might naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Very specific niche focused on SOC2 compliance specifically, with distinct triggers like 'SOC2 audit' and 'security controls'. Unlikely to conflict with general document or code skills. | 3 / 3 |

Total: 11 / 12 (Passed)
