Content Security Policy Generator - Auto-activating skill for Security Fundamentals. Triggers on: content security policy generator, content security policy generator. Part of the Security Fundamentals skill category.
36
3%
Does it follow best practices?
Impact
96%
0.98x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/content-security-policy-generator/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that repeats the skill name without providing any meaningful information about what the skill does or when it should be used. It lacks concrete actions, natural trigger terms, and explicit usage guidance, making it very difficult for Claude to correctly select this skill from a pool of available options.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Generates Content-Security-Policy headers, configures directives (script-src, style-src, img-src), validates existing CSP rules, and recommends security policies for web applications.'
Add a 'Use when...' clause with natural trigger terms like 'CSP', 'CSP header', 'Content-Security-Policy', 'security headers', 'script-src directive', 'cross-site scripting prevention', 'XSS protection headers'.
Remove the duplicate trigger term ('content security policy generator' is listed twice) and replace with diverse natural language variations users would actually use.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain ('Content Security Policy Generator') but does not describe any concrete actions. There are no specific capabilities listed like 'generates CSP headers', 'configures directives', or 'validates policies'. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name itself, and the 'when' clause is essentially just the skill name repeated. There is no explicit 'Use when...' guidance with meaningful triggers. | 1 / 3 |
| Trigger Term Quality | The trigger terms are just the skill name repeated twice ('content security policy generator, content security policy generator'). Missing natural variations users would say like 'CSP', 'CSP header', 'security headers', 'Content-Security-Policy', 'script-src', 'nonce', etc. | 1 / 3 |
| Distinctiveness Conflict Risk | The term 'Content Security Policy' is fairly specific to a particular web security concept, which provides some distinctiveness. However, the lack of concrete actions and the generic 'Security Fundamentals' category could cause overlap with other security-related skills. | 2 / 3 |
| Total | 5 / 12 Passed |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a hollow placeholder that contains no actual content about Content Security Policy generation. It repeatedly restates its own name and purpose without providing any actionable guidance, code examples, CSP directives, or workflows. It fails on every dimension of the rubric.
Suggestions
Add concrete CSP examples showing actual policy directives (e.g., `Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted.cdn.com;`) with explanations of common directive patterns.
Include a step-by-step workflow: 1) Audit current resource origins, 2) Draft policy in report-only mode, 3) Monitor violations, 4) Tighten and enforce—with specific commands or code for each step.
Provide executable code for generating and validating CSP headers (e.g., a Python/Node snippet that builds a CSP string from a configuration object, plus a validation step using a CSP evaluator).
Remove all meta-description sections ('Purpose', 'When to Use', 'Example Triggers') that describe the skill rather than teaching CSP generation, and replace with actionable content.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual CSP generation guidance. Every section restates the same vague information about 'content security policy generator' without adding substance. | 1 / 3 |
| Actionability | There is zero concrete guidance—no CSP directives, no code examples, no commands, no sample policies. The skill describes rather than instructs, offering nothing executable or copy-paste ready. | 1 / 3 |
| Workflow Clarity | No workflow is defined. There are no steps for generating, validating, or deploying a CSP. The mention of 'step-by-step guidance' and 'validates outputs' is purely aspirational with no actual steps or validation checkpoints provided. | 1 / 3 |
| Progressive Disclosure | The content is a flat, repetitive wall of meta-descriptions with no meaningful structure. There are no references to detailed materials, no quick-start section, and no navigation to deeper content. | 1 / 3 |
| Total | 4 / 12 Passed |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
3076d78