azure-rbac

Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it. Also provides guidance on permissions required to grant roles. WHEN: bicep for role assignment, what role should I assign, least privilege role, RBAC role for, role to read blobs, role for managed identity, custom role definition, assign role to identity, what role do I need to grant access, permissions to assign roles.

Quality

75%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./plugin/skills/azure-rbac/SKILL.md

Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides a reasonable high-level workflow for Azure RBAC role assignment using specific tools, which is good directional guidance. However, it lacks concrete examples (sample tool calls, example CLI output, example Bicep snippets), explicit step sequencing, and validation checkpoints. The content reads more like a summary than an actionable skill.

Suggestions

Break the main paragraph into numbered workflow steps with explicit validation checkpoints (e.g., 'Confirm with the user that the identified role matches their intent before generating CLI/Bicep code').

Add at least one concrete example showing a sample user request, the expected tool calls, and example output (CLI command and Bicep snippet).

Add error handling guidance: what to do when no built-in role matches, when the user lacks permissions, or when the scope is ambiguous.

Consider adding a conditional branch for custom role creation as a clearly separated section rather than embedding it in the main flow paragraph.

Dimension	Reasoning	Score
Conciseness	The content is relatively brief but includes some unnecessary explanation (e.g., describing what User Access Administrator and Owner roles do in parenthetical notes). The prerequisites section is useful but the introductory paragraph could be tightened.	2 / 3
Actionability	The skill references specific tools (azure__documentation, azure__extension_cli_generate, azure__bicepschema, azure__get_azure_bestpractices) which gives Claude concrete direction, but there are no executable code examples, no sample CLI commands, no example Bicep snippets, and no example of what a tool call or output looks like. It describes a process rather than demonstrating it.	2 / 3
Workflow Clarity	There is a clear implicit sequence (find role → generate CLI → generate Bicep), but it's written as a single paragraph rather than numbered steps, lacks validation checkpoints (e.g., confirming the role matches before proceeding), and has no error recovery guidance for when no built-in role matches or when the user lacks permissions.	2 / 3
Progressive Disclosure	The content has a basic structure with a prerequisites section separated out, but the main workflow is a monolithic paragraph. There are no bundle files or references to external documentation. For a skill of this size, the organization is adequate but could benefit from clearer section headers separating the workflow steps.	2 / 3
	Total	8 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly articulates specific capabilities (finding RBAC roles, generating CLI/Bicep code, permissions guidance) and provides an explicit WHEN clause with diverse, natural trigger terms. The description is well-scoped to Azure RBAC role assignment, making it highly distinctive and unlikely to conflict with other skills.

Dimension	Reasoning	Score
Specificity	The description lists multiple specific concrete actions: finding the right Azure RBAC role, generating CLI commands, generating Bicep code for role assignment, and providing guidance on permissions required to grant roles.	3 / 3
Completeness	Clearly answers both 'what' (find the right Azure RBAC role, generate CLI commands and Bicep code, provide permissions guidance) and 'when' (explicit WHEN clause with multiple trigger phrases covering various user scenarios).	3 / 3
Trigger Term Quality	Excellent coverage of natural terms users would say: 'bicep for role assignment', 'what role should I assign', 'least privilege role', 'RBAC role for', 'role to read blobs', 'role for managed identity', 'custom role definition', 'assign role to identity', 'permissions to assign roles'. These are realistic, varied phrasings users would naturally use.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive with a clear niche: Azure RBAC role assignment with Bicep/CLI generation. The specific domain (Azure RBAC, managed identity, Bicep) and trigger terms are unlikely to conflict with other skills.	3 / 3
	Total	12 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: microsoft/github-copilot-for-azure
Commit: d4563f6

Reviewed: 3 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.