generating-compliance-reports
This skill enables Claude to generate compliance reports based on various security standards and frameworks. It leverages the compliance-report-generator plugin to automate the report creation process. Use this skill when a user requests a "compliance report", "security audit report", or needs documentation for "regulatory compliance". The skill is particularly useful for generating reports related to standards like PCI DSS, HIPAA, SOC 2, or ISO 27001. It can also assist with documenting adherence to specific security policies.
59
48%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/compliance-report-generator/skills/compliance-report-generator/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly communicates its purpose and provides explicit trigger guidance with relevant natural keywords. Its main weakness is that the specific capabilities beyond 'generate reports' are somewhat thin — it could benefit from listing more concrete actions like specific report sections, comparison capabilities, or gap analysis. The description also uses third person appropriately and avoids vague language.
Suggestions
Add more specific concrete actions beyond report generation, such as 'identify compliance gaps', 'compare current posture against framework requirements', or 'generate remediation recommendations' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain (compliance reports, security standards) and mentions some actions like 'generate compliance reports' and 'documenting adherence to specific security policies', but it doesn't list multiple concrete distinct actions beyond report generation. It's mostly about one action (generating reports) with some context. | 2 / 3 |
Completeness | Clearly answers both 'what' (generates compliance reports based on security standards/frameworks) and 'when' (explicit 'Use this skill when...' clause with specific trigger phrases like 'compliance report', 'security audit report', 'regulatory compliance'). The when clause is explicit and well-defined. | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms users would actually say: 'compliance report', 'security audit report', 'regulatory compliance', and specific standards like 'PCI DSS', 'HIPAA', 'SOC 2', 'ISO 27001'. These are terms users would naturally use when requesting this type of work. | 3 / 3 |
Distinctiveness Conflict Risk | The description carves out a clear niche around compliance/security reporting with specific framework names (PCI DSS, HIPAA, SOC 2, ISO 27001). This is unlikely to conflict with general document generation or other reporting skills due to the highly specific domain terminology. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
7%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is largely a marketing-style description rather than actionable technical guidance. It explains concepts Claude already understands, provides no executable code or concrete plugin invocation syntax, and describes workflows in abstract terms without validation steps. The content would need a complete rewrite focused on actual plugin API calls, parameter schemas, and concrete examples to be useful.
Suggestions
Replace abstract workflow descriptions with concrete plugin invocation syntax, including exact command/API call format, required parameters, and expected output structure.
Add at least one fully executable example showing the actual plugin call with real parameters and the expected report output format or schema.
Remove the 'Overview', 'When to Use', and 'Best Practices' sections which contain information Claude can infer, and replace with a concise quick-start showing the minimal invocation pattern.
Add validation/verification steps showing how to check that a generated report is complete and correctly formatted before presenting it to the user.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is verbose and padded with unnecessary explanations. Phrases like 'This skill empowers Claude to create detailed compliance reports, saving time and ensuring accuracy' and 'making compliance audits easier and more efficient' are filler. The 'When to Use This Skill' section largely repeats the description. Claude doesn't need to be told what compliance standards are or how plugins conceptually work. | 1 / 3 |
Actionability | The skill provides no concrete commands, code, API calls, or executable guidance. It describes what the skill 'will do' in abstract terms ('activate the compliance-report-generator plugin', 'prompt the user') without showing actual plugin invocation syntax, parameters, report schemas, or any copy-paste-ready instructions. The examples are narrative descriptions rather than actionable demonstrations. | 1 / 3 |
Workflow Clarity | The workflow steps are vague and abstract ('Gather Data', 'Generate Report') with no specific commands, validation checkpoints, or error recovery steps. There is no indication of how to actually invoke the plugin, what parameters to pass, or how to verify the output. The examples describe what will happen rather than prescribing concrete steps. | 1 / 3 |
Progressive Disclosure | The content has some structural organization with clear section headers (Overview, How It Works, Examples, Best Practices, Integration). However, there are no references to external files, no bundle files to support deeper content, and the inline content is mostly filler rather than substantive material that would benefit from being split out. | 2 / 3 |
Total | 5 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Commit
13d35b8
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.