Apply Deepgram security best practices for API key management and data protection. Use when securing Deepgram integrations, implementing key rotation, or auditing security configurations. Trigger: "deepgram security", "deepgram API key security", "secure deepgram", "deepgram key rotation", "deepgram data protection", "deepgram PII redaction".
85
83%: Does it follow best practices?
Impact: Pending. No eval scenarios have been run.
Advisory: Suggest reviewing before use.
Quality
Discovery
89%: Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description that clearly identifies its niche (Deepgram security), provides explicit 'Use when' guidance, and lists specific trigger terms. The main weakness is that the capability description could be more concrete about what specific actions it performs beyond general terms like 'best practices' and 'data protection'. Overall it is a strong description that would enable accurate skill selection.
Suggestions
Add more specific concrete actions, e.g., 'configure scoped API keys, set up key rotation schedules, enable PII redaction in transcription requests, audit key permissions' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (Deepgram security) and some actions (API key management, data protection, key rotation, auditing security configurations), but the actions are somewhat general and not deeply concrete—e.g., it doesn't specify what 'best practices' entail beyond key rotation and auditing. | 2 / 3 |
| Completeness | Clearly answers both 'what' (apply Deepgram security best practices for API key management and data protection) and 'when' (securing Deepgram integrations, implementing key rotation, auditing security configurations) with explicit trigger terms listed. | 3 / 3 |
| Trigger Term Quality | Includes an explicit list of natural trigger terms covering multiple variations: 'deepgram security', 'deepgram API key security', 'secure deepgram', 'deepgram key rotation', 'deepgram data protection', 'deepgram PII redaction'. These are terms users would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive due to the narrow niche of Deepgram-specific security practices. The trigger terms are all Deepgram-prefixed, making it very unlikely to conflict with generic security skills or other API-related skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
77%: Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable security skill with executable TypeScript examples covering key management, PII redaction, SSRF prevention, and audit logging. The workflow is well-sequenced with validation steps, particularly in key rotation. The main weakness is that the file is fairly long and could benefit from splitting detailed implementations (SSRF, audit logging) into separate reference files for better progressive disclosure.
Suggestions
Consider splitting SSRF validation and audit logging into separate reference files (e.g., SSRF_VALIDATION.md, AUDIT_LOGGING.md) to reduce the main file length and improve progressive disclosure.
Remove the 'Output' section as it merely restates the step headings without adding new information.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is mostly efficient with good code examples, but includes some unnecessary commentary (e.g., explaining what PCI/SSN redaction does when the inline comments already cover it, and the 'Output' section largely restates what was already covered). The inline comments are helpful but occasionally redundant. | 2 / 3 |
| Actionability | Every step includes fully executable TypeScript code with real SDK calls, specific parameter values, and concrete examples. The code is copy-paste ready with proper imports, error handling, and usage patterns. | 3 / 3 |
| Workflow Clarity | The 6-step sequence is logically ordered from foundational (scoped keys) through operational concerns (rotation, SSRF, audit logging). Key rotation includes explicit validation before deleting old keys (step 3: validate new key works, step 4: delete old key only after). The security checklist provides a verification checkpoint upfront. | 3 / 3 |
| Progressive Disclosure | The content is well-structured with clear sections and a checklist overview, but it's a long monolithic file (~180 lines of code examples) with no bundle files to offload detail. The SSRF validation and audit logging sections could reasonably be separate reference files. External resource links are provided but no internal file references exist. | 2 / 3 |
| Total | 10 / 12 Passed | |
Validation
81%: Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
3a2d27d