setup-auth
This skill should be used when the user asks to "set up authentication", "add login", "add logout", "configure Entra ID", "set up Azure AD auth", "add Microsoft login", "enable authentication", "set up sign in", "add role-based access", "add authorization", "protect routes", "add auth to my site", "configure identity provider", or wants to set up authentication (login/logout via Microsoft Entra ID) and role-based authorization for their Power Pages code site.
69
64%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/power-pages/skills/setup-auth/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description excels at providing explicit trigger terms and clearly stating when to use the skill, but it reads more like a trigger-term list than a capability description. It lacks specificity about what concrete actions the skill performs beyond the high-level 'set up authentication and role-based authorization'. The generic auth trigger terms could cause conflicts with other authentication skills for different platforms.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Configures Microsoft Entra ID app registration, sets up OAuth redirect URIs, implements login/logout flows, assigns web roles, and protects site pages with role-based access control.'
Scope the generic trigger terms more tightly to Power Pages context to reduce conflict risk, e.g., qualify 'protect routes' as 'protect Power Pages routes' or add a note like 'specifically for Power Pages / Dataverse-backed portal sites'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain (authentication via Microsoft Entra ID, role-based authorization, Power Pages) but doesn't list concrete actions beyond 'set up authentication' and 'add role-based access'. It lacks specifics like 'configure redirect URIs', 'create auth middleware', 'set up token validation', etc. | 2 / 3 |
Completeness | The description explicitly answers both 'what' (set up authentication via Microsoft Entra ID and role-based authorization for Power Pages code sites) and 'when' (with an extensive list of trigger phrases prefaced by 'This skill should be used when...'). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'add login', 'add logout', 'configure Entra ID', 'set up Azure AD auth', 'add Microsoft login', 'enable authentication', 'protect routes', 'add auth to my site', 'configure identity provider'. These are highly natural phrases covering many variations. | 3 / 3 |
Distinctiveness Conflict Risk | While it specifies Microsoft Entra ID and Power Pages which narrows the niche, many of the trigger terms like 'add login', 'enable authentication', 'protect routes' are very generic and could easily conflict with other authentication-related skills for different platforms or frameworks. | 2 / 3 |
Total | 10 / 12 Passed |
Implementation
47%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill has excellent workflow clarity with well-defined phases, decision points, and validation steps, making it a strong procedural guide. However, it is excessively verbose—repeating framework-specific details inline, including redundant output summaries after every phase, and over-specifying interaction patterns that Claude can infer. The actionability is moderate since actual implementation code is largely deferred to reference files while the main skill describes what to build rather than providing complete executable code.
Suggestions
Reduce verbosity by removing the 'Output' summary sections at the end of each phase—Claude can track what was done without explicit checklists after every step.
Move the detailed AskUserQuestion tables and per-framework file path listings into a reference file, keeping only the decision logic and key file paths inline.
Provide more complete, executable code examples for the auth service (Phase 3) rather than describing function signatures—the current content describes what to build but doesn't give copy-paste ready implementations.
Consolidate the 'Key Decision Points' section at the end with the inline decision points in each phase to avoid redundancy.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is extremely verbose at ~400+ lines. It over-explains every step, includes redundant tables for AskUserQuestion prompts, repeats information across phases (e.g., framework detection patterns listed multiple times), and includes extensive output summaries after each phase that Claude doesn't need. Much of this could be condensed or moved to reference files. | 1 / 3 |
Actionability | The skill provides some concrete guidance (specific file paths, function signatures, code snippets for React/Vue/Angular patterns) but most of the actual implementation details are deferred to reference files. The code examples are partial—e.g., the auth service in Phase 3 describes functions but doesn't provide complete executable code, and the mock data pattern shows only a snippet. The framework-specific sections describe what to create rather than providing copy-paste ready implementations. | 2 / 3 |
Workflow Clarity | The 8-phase workflow is clearly sequenced with explicit validation checkpoints (Phase 7 verifies files, build, and UI rendering), decision points are well-documented with specific options, and there are feedback loops (build fails → fix → retry, plan rejected → revise → re-present). The prerequisite checks in Phase 1 include clear branching logic for missing dependencies. | 3 / 3 |
Progressive Disclosure | The skill references external files appropriately (framework-conventions.md, authentication-reference.md, authorization-reference.md, skill-tracking-reference.md) which is good progressive disclosure. However, the main SKILL.md itself is monolithic—much of the inline content (detailed AskUserQuestion tables, per-framework file listings, output summaries for each phase) could be moved to reference files to keep the main skill leaner. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
72%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 8 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (581 lines); consider splitting into references/ and linking | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 8 / 11 Passed | |
- Repository
- microsoft/power-platform-skills
- Commit
66a61c6
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.