CtrlK
BlogDocsLog inGet started
Tessl Logo

azure-rbac

Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it. Also provides guidance on permissions required to grant roles. WHEN: bicep for role assignment, what role should I assign, least privilege role, RBAC role for, role to read blobs, role for managed identity, custom role definition, assign role to identity, what role do I need to grant access, permissions to assign roles.

70

Quality

86%

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A concise, well-sequenced workflow that calls out specific Azure tools and branches to a custom-role path, with a cleanly separated prerequisites section. Its main gaps are the absence of concrete output examples and any validation checkpoint for the impactful role-assignment operation.

Suggestions

Add at least one concrete example of the generated output — a sample Azure CLI role-assignment command and a Bicep roleAssignment snippet — so the guidance is copy-paste ready rather than relying entirely on the generation tools.

Insert a verification checkpoint after assignment (e.g., confirm the role was applied to the identity and re-check that it is the least-privilege choice), which both raises workflow clarity and guards the impactful grant operation.

Clarify the branch condition: state explicitly how to decide 'no built-in role matches' (e.g., list the checked built-in roles or the comparison criteria) before falling back to a custom role definition.

DimensionReasoningScore

Conciseness

The body is a lean, tool-invocation workflow that assumes Claude's competence and avoids explaining concepts Claude already knows (no 'what is RBAC' filler); it is not at 2 because there is no unnecessary explanation or padding, only action.

3 / 3

Actionability

It names specific tools ('azure__documentation', 'azure__extension_cli_generate', 'azure__bicepschema', 'azure__get_azure_bestpractices') giving concrete guidance, but shows no example CLI commands or Bicep snippets — 'missing key details' keeps it below the copy-paste-ready bar of 3.

2 / 3

Workflow Clarity

The sequence is clear ('Then', 'Finally', and a branch for custom roles), but role assignment is an impactful operation with no validation/verification checkpoint (e.g., confirm the assignment applied or verify least privilege), which caps workflow clarity at 2 per the destructive/impactful-operations rule.

2 / 3

Progressive Disclosure

This is a single-file skill under 50 lines with no need for external references, and it is well-organized with a clearly signaled '## Prerequisites for Granting Roles' section; per the simple-skills note that structure alone merits a 3.

3 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, third-person description that concisely states concrete capabilities and pairs them with an explicit 'WHEN:' trigger list covering natural user phrasings. It clearly distinguishes the Azure RBAC niche with low conflict risk.

DimensionReasoningScore

Specificity

Names multiple concrete actions — 'find the right Azure RBAC role', 'generate CLI commands and Bicep code to assign it', 'provides guidance on permissions required to grant roles' — matching the 'lists multiple specific concrete actions' anchor; it is not at 2 because the actions are comprehensive rather than partial.

3 / 3

Completeness

It explicitly answers 'what' (find role, generate CLI/Bicep, permissions guidance) and 'when' via the explicit 'WHEN:' trigger clause, an equivalent of 'Use when'; the presence of explicit trigger guidance avoids the cap at 2.

3 / 3

Trigger Term Quality

The 'WHEN:' clause supplies natural phrases users would say — 'what role should I assign', 'role to read blobs', 'role for managed identity', 'least privilege role' — giving good coverage of common variations rather than the partial coverage of a 2.

3 / 3

Distinctiveness Conflict Risk

Azure RBAC is a clear niche with distinct, Azure-specific triggers ('role for managed identity', 'RBAC role for') unlikely to fire for unrelated skills; not at 2 because the triggers are sharply scoped rather than broadly overlapping.

3 / 3

Total

12

/

12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository
microsoft/azure-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.