azure-compliance

**ANALYSIS SKILL** — Azure compliance and security auditing: best practices, Key Vault expiration monitoring, resource validation. WHEN: "compliance scan", "security audit", "Key Vault expiration check", "expired certificates", "orphaned resources". DO NOT USE FOR: cost analysis (azure-cost-optimization), governance discovery (azure-governance-discovery).

61

Quality

71%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./.github/skills/azure-compliance/SKILL.md

Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that hits all the key criteria. It provides specific capabilities, natural trigger terms, explicit when-to-use guidance, and even anti-triggers to prevent conflicts with related skills. The structured format (WHEN/DO NOT USE FOR) makes it highly parseable for skill selection.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'compliance and security auditing', 'best practices', 'Key Vault expiration monitoring', 'resource validation'. These are concrete, domain-specific capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (Azure compliance/security auditing, Key Vault monitoring, resource validation) and 'when' (explicit WHEN clause with trigger phrases). Also includes a 'DO NOT USE FOR' clause that further clarifies scope boundaries. | 3 / 3 |
| Trigger Term Quality | Includes highly natural trigger terms users would say: 'compliance scan', 'security audit', 'Key Vault expiration check', 'expired certificates', 'orphaned resources'. These are realistic phrases a user would type. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with explicit boundary-setting via 'DO NOT USE FOR' clauses referencing specific sibling skills (azure-cost-optimization, azure-governance-discovery). The niche of Azure compliance/security auditing with Key Vault focus is clearly delineated. | 3 / 3 |

Total: 12 / 12

Passed

Implementation

42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill has excellent structure and progressive disclosure, with well-organized tables and clear navigation to reference materials. However, it falls short on actionability — the core workflow is described abstractly without any concrete commands, MCP tool invocation examples, or expected output formats. The content reads more like a table of contents than an executable guide.

Suggestions

Add concrete examples of MCP tool invocations in the Steps section, e.g., show the exact call to `mcp_azure-mcp_extension_azqr` with parameters and a sample output snippet.

Include at least one end-to-end example workflow showing specific tool calls, expected outputs, and how to interpret results (e.g., a Key Vault expiration check with sample findings).

Add validation checkpoints between steps — e.g., after running azqr, verify the output file exists and contains results before proceeding to analysis.

Consolidate 'When to Use This Skill' and 'Skill Activation Triggers' into a single section to reduce redundancy.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is reasonably organized but includes some redundancy — the 'Skill Activation Triggers' section largely duplicates 'When to Use This Skill', and the 'Rules' section contains generic advice Claude already knows (e.g., 'run compliance scans on a regular schedule'). The tables are clean but some content could be tightened. | 2 / 3 |
| Actionability | The skill lacks any concrete, executable code or commands. Steps like 'Run azqr and capture output artifacts' and 'Analyze Scan Results' are vague directions without specific tool invocations, parameters, or example outputs. There are no copy-paste ready commands or code snippets anywhere in the body. | 1 / 3 |
| Workflow Clarity | The 5-step workflow provides a reasonable sequence but lacks validation checkpoints, feedback loops, or explicit error recovery between steps. For a security auditing workflow involving potentially destructive remediation recommendations, the absence of validation gates is a notable gap. | 2 / 3 |
| Progressive Disclosure | The skill excels at progressive disclosure with a clear overview, well-organized reference tables with explicit 'When to Load' guidance, SDK quick references by language, and a clear instruction to 'Load these on demand — do NOT read all at once.' References are one level deep and clearly signaled. | 3 / 3 |

Total: 8 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
jonathan-vella/azure-agentic-infraops
Reviewed
