
generating-security-audit-reports

This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill generating-security-audit-reports

91

1.03x

Quality: 48% (Does it follow best practices?)

Impact: 100%, 1.03x (average score across 9 eval scenarios)

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/security-audit-reporter/skills/security-audit-reporter/SKILL.md

Evaluation results

100%

Security Assessment for RetailCo E-Commerce Platform

Report structure and required sections

| Criteria | Without context | With context |
| --- | --- | --- |
| Executive summary | 100% | 100% |
| Vulnerability details | 100% | 100% |
| Compliance status | 100% | 100% |
| Remediation recommendations | 100% | 100% |
| Vulnerabilities identified | 100% | 100% |
| Compliance issues identified | 100% | 100% |
| Remediation tied to vulns | 100% | 100% |
| Security posture statement | 100% | 100% |
| Severity classification | 100% | 100% |
| No missing required sections | 100% | 100% |

Without context: $0.2957 · 3m 1s · 12 turns · 13 in / 5,924 out tokens

With context: $0.5354 · 3m 50s · 22 turns · 104 in / 9,229 out tokens

100%

Security Review for MedConnect Patient Portal

Compliance-focused audit reporting

| Criteria | Without context | With context |
| --- | --- | --- |
| HIPAA-focused compliance status | 100% | 100% |
| HIPAA Security Rule mapping | 100% | 100% |
| Non-compliance gaps identified | 100% | 100% |
| Remediation is HIPAA-relevant | 100% | 100% |
| Executive summary present | 100% | 100% |
| Vulnerability details present | 100% | 100% |
| Remediation section present | 100% | 100% |
| ePHI risk addressed | 100% | 100% |
| Severity classification | 100% | 100% |
| Compliance standard not broadened | 100% | 100% |
| Security posture statement | 100% | 100% |

Without context: $0.2933 · 2m 59s · 11 turns · 12 in / 5,926 out tokens

With context: $0.5283 · 4m 9s · 21 turns · 102 in / 8,986 out tokens

100%

24%

Dual-Format Security Report for CloudBase Infrastructure

Multi-format report output

| Criteria | Without context | With context |
| --- | --- | --- |
| JSON format produced | 100% | 100% |
| Markdown format produced | 100% | 100% |
| JSON is valid | 100% | 100% |
| JSON has required sections | 40% | 100% |
| Markdown has required sections | 60% | 100% |
| Consistent content across formats | 100% | 100% |
| Vulnerability details in JSON | 100% | 100% |
| Remediation in JSON | 25% | 100% |
| Compliance status in JSON | 0% | 100% |
| No HTML-only output | 100% | 100% |

Without context: $0.3534 · 3m 38s · 19 turns · 61 in / 5,033 out tokens

With context: $0.4972 · 4m 10s · 22 turns · 104 in / 6,851 out tokens

100%

5%

Security Audit Report: Network Infrastructure Assessment

Multi-source tool data integration

| Criteria | Without context | With context |
| --- | --- | --- |
| Nmap data used | 100% | 100% |
| Vuln scanner data used | 100% | 100% |
| Both sources integrated | 100% | 100% |
| System-specific content | 100% | 100% |
| Critical findings highlighted | 100% | 100% |
| Severity classification present | 100% | 100% |
| Executive summary present | 100% | 100% |
| Vulnerability details present | 100% | 100% |
| Remediation recommendations present | 100% | 100% |
| Security posture statement | 100% | 100% |
| Compliance section present | 50% | 100% |

Without context: $0.3383 · 3m 3s · 15 turns · 14 in / 6,688 out tokens

With context: $0.4820 · 4m 59s · 21 turns · 102 in / 7,938 out tokens

100%

SOC2 Compliance Readiness Audit

SOC2 compliance audit reporting

| Criteria | Without context | With context |
| --- | --- | --- |
| SOC2-focused compliance | 100% | 100% |
| TSC criteria mapped | 100% | 100% |
| SOC2 gaps identified | 100% | 100% |
| Remediation SOC2-aligned | 100% | 100% |
| System-specific content | 100% | 100% |
| Executive summary present | 100% | 100% |
| Vulnerability/findings section present | 100% | 100% |
| Remediation section present | 100% | 100% |
| Security posture statement | 100% | 100% |
| Standard not diluted | 100% | 100% |
| Severity classification | 100% | 100% |

Without context: $0.3117 · 3m 1s · 14 turns · 56 in / 5,939 out tokens

With context: $0.5161 · 4m 8s · 20 turns · 20 in / 8,850 out tokens

100%

Executive Security Briefing: HTML Audit Report

HTML format report generation

| Criteria | Without context | With context |
| --- | --- | --- |
| HTML file produced | 100% | 100% |
| Valid HTML structure | 100% | 100% |
| No markdown-only output | 100% | 100% |
| Executive summary in HTML | 100% | 100% |
| Vulnerability details in HTML | 100% | 100% |
| Compliance status in HTML | 100% | 100% |
| Remediation in HTML | 100% | 100% |
| Critical findings highlighted | 100% | 100% |
| Severity classification | 100% | 100% |
| Security posture statement | 100% | 100% |
| System-specific content | 100% | 100% |

Without context: $0.2533 · 2m 10s · 9 turns · 10 in / 5,466 out tokens

With context: $0.5887 · 4m 8s · 21 turns · 53 in / 11,120 out tokens

100%

GDPR Security Audit for NovaMed Health Platform

GDPR compliance audit reporting

| Criteria | Without context | With context |
| --- | --- | --- |
| GDPR-focused compliance section | 100% | 100% |
| GDPR article mapping | 100% | 100% |
| GDPR gaps identified | 100% | 100% |
| Remediation GDPR-aligned | 100% | 100% |
| System-specific content | 100% | 100% |
| Executive summary present | 100% | 100% |
| Vulnerability details present | 100% | 100% |
| Remediation section present | 100% | 100% |
| Severity classification | 100% | 100% |
| Security posture statement | 100% | 100% |
| Standard not diluted | 100% | 100% |

Without context: $0.2786 · 2m 39s · 10 turns · 11 in / 6,523 out tokens

With context: $0.5086 · 3m 49s · 22 turns · 22 in / 8,388 out tokens

100%

PCI-DSS Compliance Audit for Swift Checkout Payment Services

PCI-DSS compliance audit reporting

| Criteria | Without context | With context |
| --- | --- | --- |
| PCI-DSS focused compliance | 100% | 100% |
| PCI-DSS requirement mapping | 100% | 100% |
| PCI-DSS gaps identified | 100% | 100% |
| Remediation PCI-aligned | 100% | 100% |
| Critical findings highlighted | 100% | 100% |
| System-specific content | 100% | 100% |
| Executive summary present | 100% | 100% |
| Vulnerability details present | 100% | 100% |
| Remediation section present | 100% | 100% |
| Severity classification | 100% | 100% |
| Security posture statement | 100% | 100% |

Without context: $0.3164 · 2m 43s · 11 turns · 12 in / 7,357 out tokens

With context: $0.5710 · 4m 8s · 21 turns · 21 in / 10,508 out tokens

100%

Web Application Security Assessment for Helios CRM

OWASP Top 10 web vulnerability assessment

| Criteria | Without context | With context |
| --- | --- | --- |
| OWASP framework referenced | 100% | 100% |
| OWASP category mapping | 100% | 100% |
| JSON format produced | 100% | 100% |
| JSON is valid | 100% | 100% |
| Critical findings highlighted | 100% | 100% |
| System-specific content | 100% | 100% |
| Executive summary present | 100% | 100% |
| Vulnerability details present | 100% | 100% |
| Remediation section present | 100% | 100% |
| Severity classification | 100% | 100% |
| Security posture statement | 100% | 100% |

Without context: $0.4917 · 4m 9s · 18 turns · 19 in / 9,745 out tokens

With context: $0.6437 · 4m 27s · 25 turns · 257 in / 11,689 out tokens

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
