CtrlK
BlogDocsLog inGet started
Tessl Logo

multitenancy

Multi-tenant data isolation - critical security skill for SaaS applications. Use whenever each user or customer must see only their own data. Triggers on: row-level security, tenant isolation, "users see each other's data", "data leak", per-customer filtering, designer/owner access with data isolation. Covers three isolation patterns with tradeoffs. Use eagerly - wrong isolation is a security breach, not a bug. Pair with core for token generation and data-integration for connection-level overrides.

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with executable code, clear decision guidance, and strong pitfall coverage, but it is verbose with significant cross-section repetition and lacks an explicit tenant-isolation verification checkpoint. Splitting the three pattern guides into separate reference files would also improve progressive disclosure.

Suggestions

Deduplicate the recurring key facts (account_overrides naming, dashboard-filter insecurity, one-EmbedFilterGroup-per-org) into a single canonical location and reference it, rather than restating them in Pattern sections, Important Facts, Avoid, and Common Mistakes.

Add an explicit validation checkpoint to the pattern workflows — e.g. a step to confirm isolation by issuing a token for a different tenant and verifying only its rows are returned — so the security-critical flow has a feedback loop.

Move the full per-pattern code examples and detail into separate reference files under references/ and have SKILL.md present the comparison, decision tree, and pointers, reducing the inline footprint.

DimensionReasoningScore

Conciseness

The body mostly assumes Claude's competence and avoids basic-concept padding, but key facts repeat across sections — 'account_overrides' naming is restated 4+ times, 'dashboard-level filters are insecure' 4+ times, and 'one EmbedFilterGroup per organization' 3+ times, and the pattern comparison table duplicates the bullet list — so it could be tightened.

2 / 3

Actionability

Provides complete, executable JavaScript examples for each pattern (EmbedFilterGroup setup, parameter_overrides tokens, DB and plugin account_overrides) plus a decision tree and concrete pitfall diagnostics like 'you'll see: NO error... hit the BASE account's database', reaching the copy-paste-ready anchor.

3 / 3

Workflow Clarity

Pattern 1 has an explicit numbered setup sequence and the decision tree gives clear branching, but for a security-critical operation there is no explicit validate/verify-the-isolation checkpoint; recovery guidance lives only in a reactive Common Mistakes section, matching the 'steps present but checkpoints missing or implicit' anchor.

2 / 3

Progressive Disclosure

No bundle files exist in references/scripts/assets, and the ~400-line body keeps all three full pattern guides with code inline rather than splitting them into separate reference files; external doc URLs are clearly signaled, but content that should be separate is inline.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, well-targeted description that clearly states what the skill does and when to use it, with concrete natural-language triggers and explicit integration boundaries. It earns top marks across specificity, trigger quality, completeness, and distinctiveness.

DimensionReasoningScore

Specificity

Names concrete capabilities and mechanisms — 'Covers three isolation patterns with tradeoffs', 'row-level security... per-customer filtering', and integration touchpoints ('Pair with core for token generation and data-integration for connection-level overrides') — matching the 'lists multiple specific concrete actions' anchor.

3 / 3

Completeness

Explicitly answers both what ('Multi-tenant data isolation... Covers three isolation patterns with tradeoffs') and when ('Use whenever each user or customer must see only their own data' plus an explicit 'Triggers on:' list), satisfying the 'what AND when with explicit triggers' anchor.

3 / 3

Trigger Term Quality

'Triggers on: row-level security, tenant isolation, "users see each other's data", "data leak", per-customer filtering, designer/owner access with data isolation' gives strong coverage of natural terms including quoted symptom phrasings a user would actually say.

3 / 3

Distinctiveness Conflict Risk

Clear platform-specific niche (Luzmo multi-tenant embedding) with distinct security-focused triggers and explicit pairing boundaries with sibling skills, making conflict with generic skills unlikely.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

metadata_field

'metadata' should map string keys to string values

Warning

Total

15

/

16

Passed

Repository
luzmo-official/agent-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.