Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it. Also provides guidance on permissions required to grant roles. USE FOR: "what role should I assign", "least privilege role", "RBAC role for", "role to read blobs", "role for managed identity", "custom role definition", "assign role to identity", "what role do I need to grant access", "permissions to assign roles". DO NOT USE FOR: creating or configuring managed identities, or general Azure security hardening; those are out of scope for this role-selection skill.
Install with Tessl CLI
npx tessl i github:microsoft/github-copilot-for-azure --skill azure-rbac
85
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Evaluation — 94%
↑ 1.06x Agent success when using this skill
Validation for skill structure
Discovery
100% Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It provides specific capabilities (role selection, CLI/Bicep generation, permissions guidance), includes comprehensive natural trigger terms in a dedicated USE FOR section, and explicitly defines scope boundaries with DO NOT USE FOR. The description uses proper third-person voice throughout.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple concrete actions: 'find the right Azure RBAC role', 'generate CLI commands and Bicep code to assign it', 'provides guidance on permissions required to grant roles'. These are specific, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers WHAT (find RBAC roles, generate CLI/Bicep code, provide permissions guidance) AND WHEN (explicit 'USE FOR' clause with trigger phrases). Also includes helpful 'DO NOT USE FOR' boundaries. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural user phrases in the USE FOR section: 'what role should I assign', 'least privilege role', 'RBAC role for', 'role to read blobs', 'role for managed identity', 'assign role to identity'. These match how users would naturally ask for help. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with clear Azure RBAC focus and explicit scope boundaries. The 'DO NOT USE FOR' clause explicitly excludes managed identity creation and general security hardening, reducing conflict risk with related Azure skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
57% Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a reasonable high-level workflow for Azure RBAC role selection and assignment but lacks the concrete, executable examples that would make it truly actionable. The tool-based approach is sound, but the skill would benefit from example inputs/outputs and explicit workflow steps with validation checkpoints.
Suggestions
- Add a numbered workflow with explicit steps (1. Find role, 2. Validate permissions match, 3. Generate CLI, 4. Generate Bicep) including validation checkpoints
- Include a concrete example showing sample input (e.g., 'read blobs from storage account') and expected output (role name, CLI command template, Bicep snippet)
- Provide example CLI command and Bicep code templates rather than just referencing the tools that generate them
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is relatively brief but includes some unnecessary phrasing like 'Use the X tool to...' repeated multiple times. Could be tightened into a cleaner workflow format. | 2 / 3 |
| Actionability | Provides tool names and general workflow but lacks concrete examples of inputs/outputs, actual CLI command templates, or Bicep code snippets. The guidance is directional rather than executable. | 2 / 3 |
| Workflow Clarity | The sequence is implied (find role → generate CLI → generate Bicep) but not explicitly numbered or structured. No validation checkpoints for verifying the role selection is correct before proceeding. | 2 / 3 |
| Progressive Disclosure | For a skill of this size (~15 lines), the structure is appropriate with a main workflow section and a clearly separated prerequisites section. No need for external file references at this scale. | 3 / 3 |
| Total | | 9 / 12 Passed |
Validation
100% Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.