Content Security Policy Generator - Auto-activating skill for Security Fundamentals. Triggers on: content security policy generator, content security policy generator. Part of the Security Fundamentals skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill content-security-policy-generator
Overall score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%
This description is essentially a placeholder that provides almost no useful information for skill selection. It lacks any explanation of what the skill does, what actions it performs, or when it should be used. The trigger terms are redundant and miss common user terminology for CSP-related tasks.
Suggestions
Add specific actions the skill performs, e.g., 'Generates Content Security Policy headers, validates existing CSP configurations, recommends directives for XSS and injection protection'
Include a 'Use when...' clause with natural trigger scenarios, e.g., 'Use when the user asks about CSP, security headers, XSS protection, script-src directives, or browser security policies'
Add common variations and abbreviations users would naturally use: 'CSP', 'security headers', 'script-src', 'frame-ancestors', 'XSS prevention'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description only names the skill ('Content Security Policy Generator') without describing any concrete actions. It doesn't explain what the skill actually does - no verbs like 'generates', 'creates', 'validates', or specific capabilities are mentioned. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name, and provides no 'when should Claude use it' guidance. The 'Triggers on' section just repeats the skill name rather than providing meaningful trigger scenarios. | 1 / 3 |
| Trigger Term Quality | The trigger terms listed are just the skill name repeated twice ('content security policy generator, content security policy generator'). Missing natural variations users would say like 'CSP', 'security headers', 'XSS protection', 'script-src', or 'browser security policy'. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'Content Security Policy' is fairly specific to web security, which provides some distinctiveness. However, without describing specific capabilities, it could overlap with other security-related skills or general web development skills. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%
This skill content is essentially a placeholder template with no actual CSP generation guidance. It describes what a skill should do rather than providing any actionable instructions, code examples, or CSP-specific knowledge. The content would be completely useless for actually helping generate Content Security Policies.
Suggestions
Add concrete CSP directive examples with explanations (e.g., `default-src 'self'; script-src 'self' https://trusted.cdn.com;`)
Include a step-by-step workflow: 1) Audit resources, 2) Define directive strategy, 3) Generate policy, 4) Test with report-only mode, 5) Monitor violations
Provide executable code for common frameworks (Express.js helmet, nginx config, meta tag generation)
Remove all generic boilerplate text and replace with CSP-specific guidance on common directives (default-src, script-src, style-src, img-src, connect-src, etc.)
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actual CSP-specific information. | 1 / 3 |
| Actionability | There is zero concrete guidance on how to actually generate a Content Security Policy. No code examples, no directive explanations, no sample policies, no commands - just vague descriptions of what the skill supposedly does. | 1 / 3 |
| Workflow Clarity | No workflow is provided whatsoever. A CSP generator should include steps like analyzing resources, choosing directives, testing policies, and handling violations - none of this is present. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of unhelpful text with no structure pointing to detailed materials. No references to CSP directive documentation, examples, or related security resources. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
69%
Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 11 / 16 Passed | |