
input-validation-checker

Input Validation Checker - Auto-activating skill for Security Fundamentals. Triggers on: input validation checker, input validation checker. Part of the Security Fundamentals skill category.

33

1.09x
Quality: 0%. Does it follow best practices?

Impact: 96% (1.09x). Average score across 3 eval scenarios.

Security by Snyk: Passed. No known issues.

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/input-validation-checker/SKILL.md

Quality

Discovery

0%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description is essentially a placeholder that provides no meaningful information beyond the skill's name. It lacks concrete actions, natural trigger terms, explicit 'when to use' guidance, and any distinguishing details that would help Claude select it appropriately from a pool of skills. The repeated trigger term is a clear sign of auto-generated boilerplate rather than thoughtful description.

Suggestions

Add specific concrete actions the skill performs, e.g., 'Checks code for input validation vulnerabilities including SQL injection, XSS, command injection, and path traversal. Recommends sanitization and validation patterns.'

Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about validating user input, sanitizing data, preventing injection attacks, XSS prevention, or reviewing code for input-related security vulnerabilities.'

Remove the redundant duplicate trigger term and replace with diverse natural language variations users might actually say, such as 'input sanitization', 'injection prevention', 'validate form data', 'security review'.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description names a domain ('input validation') but describes no concrete actions. There are no specific capabilities listed like 'checks for SQL injection', 'validates user input fields', or 'sanitizes form data'. It's essentially just a label. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' beyond the name itself, and there is no 'when should Claude use it' clause. The 'Triggers on' line just repeats the skill name rather than providing meaningful trigger guidance. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'input validation checker' repeated twice. There are no natural user keywords like 'sanitize input', 'SQL injection', 'XSS', 'form validation', 'user input security', or other terms a user would naturally say. | 1 / 3 |
| Distinctiveness Conflict Risk | The description is too vague to distinguish this from other security-related skills. 'Input validation' could overlap with code review skills, security audit skills, or general coding best practices skills without any clear differentiating triggers or scope. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Implementation

0%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is essentially a placeholder with no substantive content. It describes what it claims to do (input validation checking) without providing any actual guidance, code, patterns, or references. Every section is generic boilerplate that could apply to any skill topic by swapping the name.

Suggestions

Add concrete, executable code examples demonstrating input validation patterns (e.g., sanitizing user input, parameterized queries, allowlist validation) in at least one language.

Define a clear workflow for reviewing code for input validation vulnerabilities, including specific steps and validation checkpoints (e.g., check for SQL injection, XSS, command injection).

Replace the generic 'Capabilities' and 'Example Triggers' sections with actionable checklists or reference tables (e.g., OWASP input validation rules, common vulnerability patterns with fixes).

Link to or reference supplementary materials for advanced topics like OWASP Top 10 mappings, language-specific validation libraries, or detailed secure coding guides.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is padded with generic filler that tells Claude nothing it doesn't already know. Phrases like 'Provides step-by-step guidance' and 'Follows industry best practices' are vacuous. The entire body contains zero actionable information about input validation. | 1 / 3 |
| Actionability | There is no concrete code, no specific commands, no examples of input validation patterns, no libraries, no techniques—nothing executable or instructive. It only describes what the skill supposedly does without actually doing it. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process is defined. The skill claims to provide 'step-by-step guidance' but contains none. There are no validation checkpoints or sequences of any kind. | 1 / 3 |
| Progressive Disclosure | The content is a monolithic block of generic marketing-style text with no references to detailed materials, no links to examples, and no structured navigation to deeper content. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 9 / 11 |

Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Reviewed
