azure-compliance
**ANALYSIS SKILL** — Azure compliance and security auditing: best practices, Key Vault expiration monitoring, resource validation. WHEN: "compliance scan", "security audit", "Key Vault expiration check", "expired certificates", "orphaned resources". DO NOT USE FOR: cost analysis (azure-cost-optimization), governance discovery (azure-governance-discovery).
61
71%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./.github/skills/azure-compliance/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that covers all key dimensions well. It provides specific capabilities, natural trigger terms, explicit when-to-use guidance, and even anti-patterns referencing other skills to minimize conflict. The 'DO NOT USE FOR' clause is a particularly strong differentiator that helps Claude route correctly among related Azure skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'compliance and security auditing', 'best practices', 'Key Vault expiration monitoring', 'resource validation'. These are concrete, domain-specific capabilities. | 3 / 3 |
Completeness | Clearly answers both 'what' (Azure compliance/security auditing, Key Vault monitoring, resource validation) and 'when' (explicit WHEN clause with trigger phrases). Also includes a 'DO NOT USE FOR' clause that further clarifies boundaries. | 3 / 3 |
Trigger Term Quality | Includes highly natural trigger terms users would say: 'compliance scan', 'security audit', 'Key Vault expiration check', 'expired certificates', 'orphaned resources'. These are realistic phrases a user would type when needing this skill. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with explicit negative boundaries ('DO NOT USE FOR: cost analysis, governance discovery') referencing specific other skills by name. The Azure security/compliance niche with Key Vault specifics makes it clearly distinguishable. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
42%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill excels at organization and progressive disclosure, with well-structured tables and clear navigation to reference materials. However, it critically lacks actionability — there are no concrete code examples, specific MCP tool call patterns, or executable commands that Claude could follow. The workflow is too high-level to guide complex compliance auditing operations without the referenced files providing the actual implementation details.
Suggestions
Add concrete examples of MCP tool calls (e.g., show exact parameters for `mcp_azure-mcp_extension_azqr` and `keyvault_secret_list`) with expected output formats.
Expand the 5-step workflow with specific commands at each step, validation checkpoints (e.g., 'Verify azqr output file exists and contains results'), and a feedback loop for handling scan failures.
Remove or merge the 'Skill Activation Triggers' section with 'When to Use This Skill' to eliminate redundancy, and remove the generic 'Rules' section that doesn't add actionable guidance.
Add at least one end-to-end example showing a Key Vault expiration audit with specific tool calls, expected output parsing, and finding classification.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is reasonably organized but includes some redundancy — the 'Skill Activation Triggers' section largely duplicates 'When to Use This Skill', and the 'Rules' section contains generic advice Claude already knows. The tables are efficient but there's unnecessary padding overall. | 2 / 3 |
Actionability | The skill lacks any concrete, executable code or commands. Steps like 'Run azqr and capture output artifacts' and 'Analyze Scan Results' are vague directions without specific tool invocations, command syntax, or example outputs. There are no copy-paste ready examples of MCP tool calls or az CLI commands. | 1 / 3 |
Workflow Clarity | The 5-step workflow provides a sequence but lacks validation checkpoints, feedback loops, and specificity. There's no explicit 'verify scan completed successfully' step, no error recovery loop, and the steps read more like a high-level outline than an actionable workflow. The error handling table partially compensates but isn't integrated into the workflow. | 2 / 3 |
Progressive Disclosure | Excellent progressive disclosure structure with a clear overview, well-organized reference tables with 'When to Load' guidance, explicit instruction to not read all references at once, and one-level-deep references to specific topics (SDK guides, assessment references, remediation patterns). | 3 / 3 |
Total | 8 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- jonathan-vella/azure-agentic-infraops
- Commit
05d7617
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.