input-validation-checker
Input Validation Checker - Auto-activating skill for Security Fundamentals. Triggers on: input validation checker, input validation checker Part of the Security Fundamentals skill category.
33
0%
Does it follow best practices?
Impact
96%
1.09xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/input-validation-checker/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder that repeats the skill name without providing any meaningful information about what the skill does or when it should be used. It lacks concrete actions, natural trigger terms, explicit usage guidance, and any distinguishing characteristics that would help Claude select it appropriately from a pool of skills.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Checks code for input validation vulnerabilities including SQL injection, XSS, command injection, and path traversal. Recommends sanitization and validation patterns for user-supplied data.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about validating user input, sanitizing data, preventing injection attacks, XSS prevention, or reviewing code for input-related security vulnerabilities.'
Remove the duplicate trigger term ('input validation checker' is listed twice) and replace with diverse natural language variations users might actually say, such as 'input sanitization', 'validate form data', 'prevent SQL injection', 'secure user input'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names a domain ('input validation') but describes no concrete actions. There are no specific capabilities listed like 'checks for SQL injection', 'validates user input fields', or 'sanitizes form data'. It's essentially just a title repeated. | 1 / 3 |
Completeness | The 'what' is extremely weak (no concrete actions described) and there is no 'when' clause explaining when Claude should use this skill. The 'Triggers on' line just repeats the skill name rather than providing meaningful trigger guidance. | 1 / 3 |
Trigger Term Quality | The trigger terms are just the skill name repeated twice ('input validation checker, input validation checker'). No natural user language variations like 'sanitize input', 'validate user data', 'check for injection', 'XSS', 'SQL injection', or 'form validation' are included. | 1 / 3 |
Distinctiveness Conflict Risk | The description is too vague to distinguish this from other security-related skills. 'Input validation' could overlap with code review skills, security scanning skills, or general security advice skills. No clear niche is carved out. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty placeholder that contains no actionable content whatsoever. It describes what it would do in abstract terms but provides no actual input validation techniques, code examples, patterns, or workflows. It fails on every dimension because there is no substantive content to evaluate.
Suggestions
Add concrete, executable code examples for common input validation patterns (e.g., sanitizing SQL inputs, validating email formats, preventing XSS) in at least one language.
Define a clear workflow for auditing input validation in an existing codebase, with explicit steps like: identify entry points → check validation logic → test with malicious inputs → fix gaps → re-validate.
Remove all meta-description sections ('Purpose', 'When to Use', 'Example Triggers') and replace with actual technical content such as OWASP validation rules, allowlist/denylist patterns, and framework-specific examples.
Add references to supporting files (e.g., OWASP_CHECKLIST.md, EXAMPLES.md) or inline concrete validation schemas and patterns to make the skill genuinely useful.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is almost entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual technical content. Phrases like 'Provides step-by-step guidance' and 'Follows industry best practices' are empty padding. | 1 / 3 |
Actionability | There is zero concrete, executable guidance. No code examples, no specific validation techniques, no commands, no schemas, no patterns. The entire skill describes rather than instructs—it's a placeholder, not an actionable skill. | 1 / 3 |
Workflow Clarity | No workflow is defined at all. There are no steps, no sequences, no validation checkpoints. The skill claims to provide 'step-by-step guidance' but contains none. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of vague descriptions with no references to supporting files, no structured navigation, and no bundle files to support it. There is no meaningful content to organize. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
13d35b8
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.