This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`.
91
48%
Does it follow best practices?
Impact
100%
1.03x
Average score across 9 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
`npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/security-audit-reporter/skills/security-audit-reporter/SKILL.md`
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid description that clearly communicates when and why to use the skill, with explicit trigger terms and a 'Use when' clause. Its main weakness is that the capability descriptions are somewhat general—terms like 'analyzes security data' and 'detailed report in various formats' could be more concrete with specific examples of formats, vulnerability types, or compliance frameworks. The description also uses phrases like 'enables Claude to' which borders on indirect voice but is acceptable.
Suggestions
Add more specific concrete actions, e.g., 'scans for OWASP Top 10 vulnerabilities, checks against SOC 2/ISO 27001 compliance frameworks, outputs reports in PDF/Markdown/HTML formats' to improve specificity.
Replace vague phrases like 'analyzes security data' and 'various formats' with explicit examples of what data is analyzed and what output formats are supported.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description names the domain (security audit reports) and mentions some actions like 'identify vulnerabilities, track compliance, and create remediation roadmaps,' but these are somewhat general rather than listing multiple concrete, specific actions (e.g., it doesn't specify what formats, what types of vulnerabilities, or what compliance frameworks). | 2 / 3 |
| Completeness | Clearly answers both 'what' (generate comprehensive security audit reports, identify vulnerabilities, track compliance, create remediation roadmaps) and 'when' (explicit 'Use this skill when...' clause with specific trigger phrases and commands). | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms: 'security audit report', 'audit security', 'vulnerability assessment report', '/audit-report', '/auditreport', 'security posture', 'compliance status', 'remediation'. These cover multiple natural phrasings a user might use. | 3 / 3 |
| Distinctiveness Conflict Risk | The description carves out a clear niche around security audit reports specifically, with distinct triggers like 'security audit report', 'vulnerability assessment report', and the `/audit-report` command. This is unlikely to conflict with general coding or document skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
7%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is almost entirely descriptive rather than instructive. It tells Claude what the skill does conceptually but provides no actionable guidance—no report templates, no output formats, no concrete examples of generated reports, no compliance checklists, and no executable workflows. It reads more like a product marketing page than a skill that would enable Claude to produce high-quality security audit reports.
Suggestions
Add a concrete report template/schema showing the exact sections (Executive Summary, Vulnerability Findings, Compliance Matrix, Remediation Roadmap) with example content for each section.
Include at least one complete example showing input data and the corresponding generated report output, so Claude knows the expected format and level of detail.
Define a clear step-by-step workflow with validation checkpoints, e.g., 'Confirm scope with user → Enumerate findings → Classify severity using CVSS → Draft report → Verify all findings have remediation steps → Output final report'.
Remove the 'How It Works', 'When to Use This Skill', 'Best Practices', and 'Integration' sections which provide no actionable information, and replace them with concrete compliance standard checklists or severity classification criteria.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains things Claude already knows. Sections like 'How It Works', 'When to Use This Skill', and 'Integration' restate obvious concepts without adding actionable value. The 'Overview' largely duplicates the description. Much of the content could be eliminated. | 1 / 3 |
| Actionability | There is no concrete code, no templates, no report structure/schema, no specific commands, and no executable guidance. The examples describe what the skill 'will do' in vague terms rather than showing actual output formats, report sections, or how to structure findings. It describes rather than instructs. | 1 / 3 |
| Workflow Clarity | The 'How It Works' section lists three abstract phases (Data Collection, Analysis, Report Generation) with no concrete steps, no validation checkpoints, and no feedback loops. The examples similarly describe outcomes without specifying any actual workflow Claude should follow to produce the report. | 1 / 3 |
| Progressive Disclosure | The content is organized into sections with headers, which provides some structure. However, there are no references to external files, no report templates, and no supporting materials. The content is a monolithic set of vague descriptions that could benefit from splitting detailed report templates and compliance checklists into separate files. | 2 / 3 |
| Total | | 5 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
13d35b8