tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill generating-security-audit-reports

This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`.
Validation
81%

| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| Total | 13 / 16 Passed | |
Implementation
7%

This skill content reads like marketing copy rather than actionable instructions. It describes what the skill does conceptually but provides no concrete guidance on how Claude should actually generate security audit reports: no templates, no data formats, no specific analysis procedures, and no example outputs.
Suggestions
Add a concrete report template or JSON schema showing the exact structure of the security audit output Claude should generate
Replace vague 'How It Works' steps with specific, executable instructions (e.g., what data to look for, what analysis to perform, what format to output)
Include at least one complete example showing input data and the corresponding generated report section
Remove explanatory content about what security audits are and focus on the specific procedures Claude should follow
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what security audits are, what compliance means). Sections like 'How It Works' and 'When to Use This Skill' describe rather than instruct, wasting tokens on obvious information. | 1 / 3 |
| Actionability | No concrete code, commands, templates, or executable guidance provided. The skill describes what it 'will do' abstractly but never shows actual report formats, data schemas, or specific analysis steps Claude should take. | 1 / 3 |
| Workflow Clarity | The 'How It Works' section lists vague steps ('gathers data', 'analyzes') without specifying what data sources, what analysis methods, or what validation checkpoints. No concrete workflow for Claude to follow. | 1 / 3 |
| Progressive Disclosure | Content is organized into sections with headers, but everything is inline with no references to detailed materials. The structure exists but content that could be separate (report templates, compliance checklists) is neither included nor referenced. | 2 / 3 |
| Total | 5 / 12 Passed | |
Activation
90%

This is a well-structured skill description that clearly communicates when to use it with explicit trigger terms and a 'Use this skill when...' clause. The main weakness is that the specific capabilities could be more concrete - it describes general categories of actions rather than specific technical operations. The description effectively distinguishes itself from other skills through security-specific terminology.
Suggestions
Replace general phrases like 'analyzes security data' with more specific actions such as 'scans for OWASP Top 10 vulnerabilities, checks authentication configurations, reviews access control policies'
Specify the 'various formats' mentioned - e.g., 'produces reports in PDF, HTML, or Markdown formats' to add concrete detail
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (security audit reports) and some actions like 'analyze security data', 'identify vulnerabilities', 'track compliance', and 'create remediation roadmaps', but these are somewhat general rather than listing multiple concrete specific actions like 'scan for OWASP Top 10 vulnerabilities' or 'check SSL certificate expiration'. | 2 / 3 |
| Completeness | Clearly answers both what ('generate comprehensive security audit reports', 'analyzes security data', 'identify vulnerabilities, track compliance, create remediation roadmaps') and when ('Use this skill when the user requests a security audit report, wants to audit security, or needs a vulnerability assessment report'). | 3 / 3 |
| Trigger Term Quality | Includes good natural trigger terms users would say: 'security audit report', 'audit security', 'vulnerability assessment report', plus command triggers '/audit-report' and '/auditreport'. These cover common variations of how users would request this functionality. | 3 / 3 |
| Distinctiveness Conflict Risk | Has a clear niche focused specifically on security audit reports with distinct triggers like 'security audit', 'vulnerability assessment', and specific commands. Unlikely to conflict with general document or code skills. | 3 / 3 |
| Total | 11 / 12 Passed | |