**ANALYSIS SKILL** — Find the right Azure RBAC role for an identity with least-privilege access; generate CLI, Bicep, and Terraform code to assign it. WHEN: "what role should I assign", "least privilege role", "RBAC role for", "role for managed identity", "custom role definition", "assign role to identity". DO NOT USE FOR: deploying (azure-deploy), security audits (azure-compliance).
72
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It provides specific capabilities (RBAC role finding, code generation in multiple formats), includes natural trigger terms users would actually say, explicitly addresses both what and when, and proactively reduces conflict risk with a DO NOT USE FOR clause referencing other skills by name.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: finding the right Azure RBAC role for least-privilege access, generating CLI/Bicep/Terraform code for role assignment. These are clear, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (find right Azure RBAC role, generate CLI/Bicep/Terraform code) and 'when' (explicit WHEN clause with trigger phrases). Also includes a DO NOT USE FOR clause that further clarifies boundaries. | 3 / 3 |
| Trigger Term Quality | Includes highly natural trigger phrases users would actually say: 'what role should I assign', 'least privilege role', 'RBAC role for', 'role for managed identity', 'custom role definition', 'assign role to identity'. These cover common variations well. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche (Azure RBAC role selection and assignment). The DO NOT USE FOR clause explicitly delineates boundaries against azure-deploy and azure-compliance skills, minimizing conflict risk. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, highly actionable skill with clear multi-step workflow and concrete code examples across CLI, Bicep, and Terraform. Its main weakness is that it packs all three IaC formats inline, making it longer than necessary for a single SKILL.md, and includes some marginally useful details (AVM-TF module recommendation, verbose Terraform comments). The workflow sequencing with validation checkpoints is a notable strength.
Suggestions
Consider splitting Bicep and Terraform snippets into separate referenced files (e.g., BICEP_EXAMPLE.md, TERRAFORM_EXAMPLE.md) to reduce the main file length and improve progressive disclosure.
Trim the AVM-TF module recommendation and inline Terraform comments to reduce token usage — Claude can infer best practices when needed.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Generally efficient but includes some unnecessary explanation (e.g., the AVM-TF note, the prerequisites section could be more compact). The Terraform comment block adds tokens without strong value. However, it mostly avoids explaining concepts Claude already knows. | 2 / 3 |
| Actionability | Provides fully executable CLI commands, Bicep snippets, Terraform resources, and custom role JSON scaffolding. Each step has concrete, copy-paste-ready code with placeholder patterns that are clear and specific. | 3 / 3 |
| Workflow Clarity | Clear 7-step sequence from identifying the operation through verification. Includes validation checkpoints (step 3 verifies against live catalogue, step 7 checks caller permissions), a fallback path for custom roles (step 4), and explicit tool invocations for discovery. | 3 / 3 |
| Progressive Disclosure | Uses an internal anchor link for prerequisites and has clear section structure, but all content is inline in a single file with no references to external files. The IaC snippets for three formats (CLI, Bicep, Terraform) make the file lengthy; the Terraform and Bicep examples could be split into referenced files for better organization. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation
100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
05d7617