incident-response-planner
Incident Response Planner - Auto-activating skill for Security Advanced. Triggers on: incident response planner, incident response planner Part of the Security Advanced skill category.
33
0%
Does it follow best practices?
Impact
97%
1.02xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/incident-response-planner/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder with no substantive content. It repeats the skill name as its only trigger term, provides zero information about what the skill does, and lacks any 'Use when...' guidance. It would be nearly impossible for Claude to correctly select this skill from a pool of alternatives.
Suggestions
Add concrete capability descriptions such as 'Creates incident response plans, defines escalation procedures, generates communication templates, and outlines containment strategies for security incidents.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about incident response planning, breach response procedures, IR playbooks, security incident management, or escalation workflows.'
Diversify trigger terms to include natural variations users would say: 'security incident', 'breach response', 'IR plan', 'incident playbook', 'incident handling', 'security event response'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. It only names itself ('Incident Response Planner') and states it's part of 'Security Advanced' but never describes what it actually does—no verbs like 'creates plans', 'analyzes incidents', 'generates runbooks', etc. | 1 / 3 |
Completeness | Neither the 'what does this do' nor the 'when should Claude use it' questions are meaningfully answered. The description lacks any explanation of capabilities and provides no explicit 'Use when...' clause or equivalent trigger guidance. | 1 / 3 |
Trigger Term Quality | The trigger terms listed are just the skill name repeated twice ('incident response planner, incident response planner'). There are no natural user-language variations such as 'security incident', 'breach response', 'IR plan', 'incident playbook', or 'incident management'. | 1 / 3 |
Distinctiveness Conflict Risk | The description is so vague that it could overlap with any security-related skill. Without specific actions or clear scope, there is nothing to distinguish it from other security skills in a large skill library. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty placeholder that provides no actual incident response planning content. It consists entirely of meta-descriptions about what the skill could do, without any actionable guidance, concrete procedures, code, templates, or references. It would need to be completely rewritten with substantive incident response content to be useful.
Suggestions
Add concrete incident response workflow phases (Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned) with specific actions and validation checkpoints for each phase.
Include executable templates such as an incident response plan skeleton, severity classification matrix, communication templates, and runbook examples.
Provide specific, actionable checklists for common incident types (e.g., data breach, ransomware, DDoS) with concrete commands and tool references.
Remove all meta-description sections ('When to Use', 'Example Triggers', 'Capabilities') and replace with actual instructional content that teaches how to build and execute incident response plans.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual incident response planning guidance. Every section restates the same vague concept. | 1 / 3 |
Actionability | There is zero concrete, executable guidance—no commands, no code, no frameworks, no checklists, no specific incident response procedures. It only describes what it could do rather than instructing how to do anything. | 1 / 3 |
Workflow Clarity | No workflow, steps, or process is defined. For an incident response planner, there should be clear phases (detection, containment, eradication, recovery, lessons learned) with validation checkpoints, but none are present. | 1 / 3 |
Progressive Disclosure | The content is a flat, shallow placeholder with no meaningful structure. There are no references to detailed materials, no linked resources, and the sections that exist contain no substantive content to organize. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
c8a915c
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.