
content-security-policy-generator

Content Security Policy Generator - Auto-activating skill for Security Fundamentals. Triggers on: content security policy generator, content security policy generator. Part of the Security Fundamentals skill category.

36

0.98x
Quality: 3% (Does it follow best practices?)

Impact: 96%, 0.98x (Average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/content-security-policy-generator/SKILL.md

Evaluation results

CSP for a SaaS Checkout Page

Score: 100%

Production-ready CSP with third-party integrations

| Criteria | Without context | With context |
|---|---|---|
| No unsafe-inline scripts | 100% | 100% |
| No unsafe-eval | 100% | 100% |
| object-src restricted | 100% | 100% |
| base-uri restricted | 100% | 100% |
| frame-ancestors directive | 100% | 100% |
| Stripe allowed in script-src | 100% | 100% |
| Stripe frame/child source | 100% | 100% |
| GTM allowed in script-src | 100% | 100% |
| CDN font source | 100% | 100% |
| Deployable middleware | 100% | 100% |
| Directive explanation report | 100% | 100% |
| default-src restricted | 100% | 100% |

CSP Security Audit for a Legacy Web Application

Score: 92%

CSP audit and hardening

| Criteria | Without context | With context |
|---|---|---|
| Wildcard default-src flagged | 100% | 100% |
| unsafe-inline flagged | 100% | 100% |
| unsafe-eval flagged | 100% | 100% |
| No unsafe-inline in fixed CSP scripts | 100% | 100% |
| No unsafe-eval in fixed CSP | 100% | 100% |
| Restricted default-src in fixed CSP | 100% | 100% |
| object-src none in fixed CSP | 100% | 100% |
| frame-ancestors in fixed CSP | 0% | 0% |
| YouTube frame allowed | 100% | 100% |
| User content images allowed | 100% | 100% |
| Missing directives identified | 100% | 100% |
| base-uri in fixed CSP | 100% | 100% |

Implementing CSP in a New Blog Platform

Score: 96% (-4%)

Step-by-step CSP implementation guidance

| Criteria | Without context | With context |
|---|---|---|
| Numbered steps present | 100% | 100% |
| Report-only mode explained | 100% | 100% |
| Enforcement transition covered | 100% | 100% |
| Validation step included | 100% | 100% |
| No unsafe-inline scripts | 100% | 100% |
| No wildcard in script-src | 100% | 100% |
| self-hosted assets allowed | 100% | 100% |
| Image CDN allowed | 100% | 100% |
| object-src none | 100% | 100% |
| Deployable middleware export | 100% | 100% |
| frame-ancestors directive | 100% | 100% |
| base-uri restricted | 100% | 0% |

Repository: jeremylongshore/claude-code-plugins-plus-skills

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
