azure-rbac
Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it. Also provides guidance on permissions required to grant roles. WHEN: bicep for role assignment, what role should I assign, least privilege role, RBAC role for, role to read blobs, role for managed identity, custom role definition, assign role to identity, what role do I need to grant access, permissions to assign roles.
74
67%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugin/skills/azure-rbac/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly articulates specific capabilities (finding RBAC roles, generating CLI/Bicep code, permissions guidance), includes an explicit WHEN clause with diverse and natural trigger terms, and occupies a distinct niche in Azure RBAC role assignment. The description is well-structured, concise, and uses appropriate third-person voice throughout.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description lists multiple specific concrete actions: finding the right Azure RBAC role, generating CLI commands, generating Bicep code for role assignment, and providing guidance on permissions required to grant roles. | 3 / 3 |
Completeness | Clearly answers both 'what' (find RBAC roles with least privilege, generate CLI commands and Bicep code, provide permissions guidance) and 'when' (explicit WHEN clause with multiple trigger phrases). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would actually say: 'bicep for role assignment', 'what role should I assign', 'least privilege role', 'RBAC role for', 'role to read blobs', 'role for managed identity', 'custom role definition', 'assign role to identity', 'permissions to assign roles'. These cover many natural variations. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Azure RBAC role assignment with Bicep/CLI generation. The specific domain (Azure RBAC, Bicep, managed identity) and trigger terms make it very unlikely to conflict with other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
35%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides a reasonable high-level workflow for finding and assigning Azure RBAC roles using specific tools, but lacks concrete examples (no sample CLI output, no Bicep snippet, no example role lookup). The instructions are abstract rather than actionable, telling Claude to use tools without showing what good inputs or outputs look like. The prerequisites section adds useful context but the overall skill would benefit significantly from executable examples and explicit validation steps.
Suggestions
Add a concrete example showing a sample user request, the expected tool calls in sequence, and example output (e.g., a Bicep snippet for a Storage Blob Data Reader role assignment).
Number the workflow steps explicitly and add a validation checkpoint after role selection (e.g., 'Confirm with the user that the identified role matches their intent before generating assignment code').
Include a copy-paste ready Bicep template for a common role assignment scenario to make the skill actionable rather than purely procedural.
Remove explanatory parentheticals like '(least privilege - recommended for role assignment only)' and '(full access including role assignment)' that Claude already understands.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Mostly efficient but includes some unnecessary explanation in the Prerequisites section (e.g., 'full access including role assignment' for Owner is something Claude already knows). The tool-chaining instructions are reasonably lean. | 2 / 3 |
Actionability | No concrete code examples, CLI commands, or Bicep snippets are provided. The skill describes a process abstractly ('use tool X to do Y') without showing expected inputs, outputs, or copy-paste ready examples of the generated artifacts. | 1 / 3 |
Workflow Clarity | There is a discernible sequence (find role → generate CLI → generate Bicep), but steps are not numbered or clearly delineated, there are no validation checkpoints (e.g., confirming the role matches before proceeding), and no error recovery guidance. | 2 / 3 |
Progressive Disclosure | The Prerequisites section is a reasonable inline addition for a short skill, but the content is a single block with no references to external files or clear navigation structure. For its length it's acceptable but could benefit from separating the tool-chaining workflow from the prerequisites more clearly. | 2 / 3 |
Total | 7 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- microsoft/github-copilot-for-azure
- Commit
a46a937
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.