This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill generating-security-audit-reports91
Quality
48%
Does it follow best practices?
Impact
100%
1.03x
Average score across 9 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/security-audit-reporter/skills/security-audit-reporter/SKILL.md
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-structured skill description that clearly communicates when to use it with explicit trigger terms and a 'Use this skill when...' clause. The main weakness is that the capabilities described are somewhat general (analyze, identify, track) rather than listing specific concrete actions the skill performs. The description effectively distinguishes itself from other skills through security-specific terminology.
Suggestions
- Add more specific concrete actions like 'scans for common vulnerabilities (SQL injection, XSS, CSRF)', 'checks compliance against OWASP/CIS benchmarks', or 'generates CVE-referenced findings' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security audit reports) and some actions like 'analyze security data', 'identify vulnerabilities', 'track compliance', and 'create remediation roadmaps', but these are somewhat general rather than listing multiple concrete specific actions like 'scan for OWASP Top 10 vulnerabilities' or 'check SSL certificate expiration'. | 2 / 3 |
| Completeness | Clearly answers both what ('generate comprehensive security audit reports', 'analyzes security data', 'identify vulnerabilities, track compliance, create remediation roadmaps') AND when ('Use this skill when the user requests a security audit report, wants to audit security, or needs a vulnerability assessment report'). | 3 / 3 |
| Trigger Term Quality | Includes good natural trigger terms users would say: 'security audit report', 'audit security', 'vulnerability assessment report', plus command triggers '/audit-report' and '/auditreport'. These cover common variations of how users would request this functionality. | 3 / 3 |
| Distinctiveness Conflict Risk | Has a clear niche focused specifically on security audit reports with distinct triggers like 'security audit', 'vulnerability assessment', and specific commands. Unlikely to conflict with general document or code skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation
7%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content is highly abstract and provides no actionable guidance for generating security audit reports. It describes what the skill does conceptually but fails to provide templates, report structures, specific compliance checklists, or any executable examples. Claude would not know how to actually produce a security audit report from this content.
Suggestions
- Add a concrete report template showing the exact structure and sections of a security audit report (executive summary format, vulnerability table schema, remediation priority matrix).
- Include specific examples of vulnerability categorization (CVSS scoring, severity levels) and compliance check formats for common standards like PCI-DSS or HIPAA.
- Replace abstract workflow steps with actionable instructions: what data to request from the user, how to structure findings, what output format to use.
- Remove explanatory content about what security audits are and focus on the specific format and structure Claude should produce.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what data collection is, what analysis means). Phrases like 'This skill allows Claude to create' and 'The plugin analyzes the collected data' add no value. The entire document could be reduced to a fraction of its size. | 1 / 3 |
| Actionability | No concrete code, commands, templates, or executable guidance provided. The examples describe what 'the skill will' do abstractly rather than showing actual report formats, data structures, or specific steps Claude should take. There's no copy-paste ready content. | 1 / 3 |
| Workflow Clarity | The 'How It Works' section lists vague steps like 'gathers data from various security tools' without specifying which tools, what data format, or how to actually perform these steps. No validation checkpoints or error handling for what is potentially a complex multi-step process. | 1 / 3 |
| Progressive Disclosure | The content has some structure with clear section headers (Overview, How It Works, Examples, Best Practices), but everything is inline with no references to detailed materials. For a security audit skill, there should be links to report templates, compliance checklists, or vulnerability categorization guides. | 2 / 3 |
| Total | | 5 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.