gamma-enterprise-rbac
Implement enterprise role-based access control for Gamma integrations. Use when configuring team permissions, multi-tenant access, or enterprise authorization patterns. Trigger with phrases like "gamma RBAC", "gamma permissions", "gamma access control", "gamma enterprise", "gamma roles".
80
77%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/gamma-pack/skills/gamma-enterprise-rbac/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly identifies its niche (Gamma-specific RBAC), provides explicit trigger terms, and answers both what and when. Its main weakness is that the specific capabilities could be more concrete—listing actual actions like 'create roles, assign permissions, configure tenant isolation' rather than broad categories like 'enterprise authorization patterns.'
Suggestions
Add more concrete actions such as 'create roles, assign user permissions, configure tenant isolation, define access policies' to improve specificity beyond category-level descriptions.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain ('enterprise role-based access control for Gamma integrations') and mentions some actions like 'configuring team permissions, multi-tenant access, or enterprise authorization patterns,' but these are more like categories than concrete specific actions (e.g., no mention of creating roles, assigning permissions, defining policies, etc.). | 2 / 3 |
Completeness | The description clearly answers both 'what' (implement enterprise RBAC for Gamma integrations) and 'when' (configuring team permissions, multi-tenant access, enterprise authorization patterns), with explicit trigger phrases provided. | 3 / 3 |
Trigger Term Quality | The description explicitly lists natural trigger phrases like 'gamma RBAC', 'gamma permissions', 'gamma access control', 'gamma enterprise', 'gamma roles', and also includes terms like 'team permissions', 'multi-tenant access', and 'enterprise authorization patterns' which provide good keyword coverage. | 3 / 3 |
Distinctiveness Conflict Risk | The description is highly specific to 'Gamma integrations' combined with RBAC/enterprise access control, creating a clear niche that is unlikely to conflict with generic permission or access control skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides highly actionable, executable TypeScript code for implementing RBAC around Gamma's API, with a clear explanation that Gamma itself lacks per-user auth. However, it's overly long for a single SKILL.md — the multi-tenant, quota, and audit sections should be split into referenced files. The workflow lacks validation checkpoints critical for security-sensitive access control implementation.
Suggestions
Add validation checkpoints after key steps, e.g., 'Test that a viewer role is correctly denied generation:create access' and 'Verify cross-tenant isolation by confirming tenant A cannot access tenant B resources'.
Split Steps 3-5 (multi-tenant, quotas, audit logging) into separate referenced files (e.g., MULTI_TENANT.md, QUOTAS.md, AUDIT.md) and keep SKILL.md as a concise overview with Step 1-2 inline.
Remove explanatory comments that Claude doesn't need (e.g., '// Set by your auth middleware', '// Encrypted in database') to improve token efficiency.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is reasonably well-structured but includes some verbose sections. The multi-tenant service, quota system, and audit logging add significant length and could be split into separate reference files. Some inline comments are unnecessary for Claude (e.g., '// Set by your auth middleware'). The access model ASCII diagram is helpful but the overall content is longer than needed for a single SKILL.md. | 2 / 3 |
Actionability | The code examples are fully executable TypeScript with concrete types, middleware patterns, database queries, and route handlers. The permission matrix, role definitions, and quota configurations are all copy-paste ready with specific values. Error handling table provides concrete solutions. | 3 / 3 |
Workflow Clarity | Steps are clearly numbered and sequenced (1-5), but there are no validation checkpoints or feedback loops. For an enterprise RBAC system involving security-sensitive operations like permission enforcement and multi-tenant isolation, there should be explicit verification steps (e.g., 'test that a viewer cannot access generation:create', 'verify tenant isolation by attempting cross-tenant access'). | 2 / 3 |
Progressive Disclosure | The content is mostly monolithic — all five implementation steps with full code are inline in a single file. The multi-tenant service, quota system, and audit logging could each be separate reference files linked from the overview. The 'Next Steps' reference to gamma-migration-deep-dive is good, but the main content would benefit from splitting detailed implementations into linked files. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3e83543
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.