ideogram-security-basics

Apply Ideogram security best practices for API key management and access control. Use when securing API keys, implementing key rotation, or auditing Ideogram security configuration. Trigger with phrases like "ideogram security", "ideogram secrets", "secure ideogram", "ideogram API key security", "ideogram key rotation".

Quality

—

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

92%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable and concise, with executable code and a well-sequenced rotation workflow that includes verification checkpoints. Its main weakness is progressive disclosure: everything lives inline in one file with no reference bundle to offload the larger code blocks.

Suggestions

Move the larger code blocks (server-side proxy, prompt sanitization, pre-commit hook) into files under references/ or scripts/ and link to them from SKILL.md, so the body stays a lean overview with one-level-deep references.

Add a short 'Verify' subsection or checklist item confirming the rotated key returns 200 before retiring the old key, making the existing feedback loop explicit.

Consider splitting the key-rotation procedure into its own reference file (e.g. references/rotation.md) since it is the longest and most procedural section.

Dimension	Reasoning	Score
Conciseness	The body is lean and code-dense — env storage, rotation bash, server-side proxy, pre-commit hook, and sanitization — with minimal prose and no explanation of concepts Claude already knows. It does not fall to 2 because the little prose present is Ideogram-specific (e.g. the single Api-Key header note) rather than padding.	3 / 3
Actionability	Provides fully executable, copy-paste-ready code and commands (curl verification, TypeScript proxy, pre-commit grep hook, sanitization function). It is not below 3 because examples are complete rather than pseudocode.	3 / 3
Workflow Clarity	The five-step sequence is clearly ordered with validation checkpoints — fail-fast key validation in Step 1, 'Verify new key works' via curl http_code in Step 2, and 'Delete old key... after confirming zero traffic'. It is not below 3 because explicit verify-before-proceed feedback loops are present for the risky rotation operation.	3 / 3
Progressive Disclosure	The skill is a single ~175-line file with all code inline and no bundle files (references/scripts/assets absent); the only onward pointers are to another skill and external URLs. It is not 3 because no content is split into one-level-deep reference files, and not 1 because sections are well-organized rather than a monolithic wall.	2 / 3
	Total	11 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: it states concrete capabilities, gives an explicit 'Use when' trigger clause, and supplies natural trigger phrases scoped to a distinctive Ideogram-security niche. It uses third-person voice with no over-claims.

Dimension	Reasoning	Score
Specificity	Lists multiple concrete actions — 'API key management and access control', plus 'key rotation' and 'auditing Ideogram security configuration' — rather than vague language. The 'best practices' phrasing is mildly generic, but the enumerated actions are specific enough to clear the top anchor.	3 / 3
Completeness	Explicitly answers both what ('Apply Ideogram security best practices for API key management and access control') and when ('Use when securing API keys, implementing key rotation, or auditing...'), satisfying the top anchor.	3 / 3
Trigger Term Quality	Provides good coverage of natural phrases a user would say ('ideogram security', 'secure ideogram', 'ideogram API key security', 'ideogram key rotation'), matching the top anchor for natural-term coverage.	3 / 3
Distinctiveness Conflict Risk	Scoped to a clear niche (Ideogram security) with Ideogram-specific triggers, making conflict with unrelated skills unlikely. It is not below 3 because the triggers are narrow and brand-specific.	3 / 3
	Total	12 / 12 Passed

Validation

87%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 14 / 16 Passed

Validation for skill structure

Criteria	Description	Result
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	14 / 16 Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 1628598

Reviewed: about 3 hours ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.