CtrlK
BlogDocsLog inGet started
Tessl Logo

setup-auth

Use when the user asks to "set up authentication", "add login", "add logout", "add sign in", "enable auth", "add role-based access", "add authorization", "protect routes", "configure identity provider", "configure Entra ID", "configure Entra External ID", "configure OpenID Connect", "add OIDC", "set up SAML", "set up WS-Federation", "set up local login", "add username password", "add Facebook login", "add Google sign in", "add Microsoft Account", "set up invitation login", or otherwise wants to set up authentication (login/logout) and role-based authorization for their Power Pages code site using any supported identity provider (Microsoft Entra ID, Entra External ID, OpenID Connect, SAML2, WS-Federation, local authentication, Microsoft Account, Facebook, or Google).

71

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill body is exceptionally actionable and well-sequenced with strong validation feedback loops, but its 2958-line monolithic size, heavy verbatim repetition across phases, and reliance on roughly eleven referenced scripts/references that are absent from the bundle drag down conciseness and progressive disclosure. It is a high-quality expert skill hampered by token bloat and broken external navigation.

Suggestions

Deduplicate the recurring blocks: define the AllowContactMappingWithEmail security/multi-tenant warning, the 2FA-not-supported rationale, and the logout-mode explanation once and cross-reference them instead of repeating them verbatim across Phases 2, 3, 5, and 8.

Move the large per-provider settings tables and the Entra External ID 4-step walkthrough into the existing authentication-reference.md, keeping SKILL.md a concise overview that points to them — this would shrink the monolithic body and improve progressive disclosure.

Reconcile the referenced bundle paths: either ship the missing scripts/references (framework-conventions.md, skill-tracking-reference.md, create-site-setting.js, render-auth-report.js, check-version.js, check-solution-installed.js, create-table-permission.js, the Key Vault scripts, etc.) or remove the dead references so navigation is not broken.

DimensionReasoningScore

Conciseness

The 2958-line body is mostly efficient domain-specific guidance (no generic concept bloat), but it is heavily padded with verbatim repetition — the AllowContactMappingWithEmail security warning, the 2FA-not-supported rationale, and logout-mode explanations each recur 3–5 times across phases — that should be tightened or deduplicated. It is not a 1 because the content is genuine Power Pages expertise Claude lacks, but not a 3 because the repetition is unnecessary token spend.

2 / 3

Actionability

Fully executable guidance throughout: exact `create-site-setting.js` invocations with named arguments, precise site-setting keys, regex validators (e.g. UUID, ciamlogin subdomain), concrete file paths, and copy-paste code snippets for hooks/components.

3 / 3

Workflow Clarity

Eight clearly sequenced phases with explicit validation checkpoints — file-inventory verification (Phase 7.1), `npm run build`, Playwright UI snapshot, regex-based re-prompt loops, and plan/deploy approval gates with cancel-leaves annotations — providing strong feedback loops for a fragile operation.

3 / 3

Progressive Disclosure

Structure exists and the body defers to one-level-deep real references (authentication-reference.md, authorization-reference.md, validate-auth.js all exist), but it also references ~11 non-existent bundle paths (framework-conventions.md, skill-tracking-reference.md, create-site-setting.js, render-auth-report.js, check-version.js, etc.) and the 2958-line body is itself near-monolithic with large blocks (the full settings tables, walkthroughs) that could live in references.

2 / 3

Total

10

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is exemplary: it opens with an explicit "Use when..." trigger clause, enumerates a wide range of natural user phrases, names concrete actions, and scopes the skill to a distinctive Power Pages auth niche. It earns full marks on all four dimensions with no verbosity or buzzword padding.

DimensionReasoningScore

Specificity

Lists multiple concrete actions such as "set up authentication", "add login", "add logout", "add role-based access", "configure identity provider", and names specific providers (Entra ID, OIDC, SAML, WS-Federation) rather than vague language.

3 / 3

Completeness

Explicitly answers both what ("set up authentication (login/logout) and role-based authorization for their Power Pages code site using any supported identity provider") and when ("Use when the user asks to...") with explicit trigger guidance.

3 / 3

Trigger Term Quality

Excellent coverage of natural phrases users would actually say — "add login", "add sign in", "enable auth", "add Facebook login", "add Google sign in", "add username password", "set up local login" — across many provider variants.

3 / 3

Distinctiveness Conflict Risk

Scoped to a clear niche — auth/RBAC for Power Pages code sites with named identity providers — with distinct trigger phrases, making conflict with other skills unlikely.

3 / 3

Total

12

/

12

Passed

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation13 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

skill_md_line_count

SKILL.md is long (2959 lines); consider splitting into references/ and linking

Warning

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

13

/

16

Passed

Repository
microsoft/power-platform-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.