Content
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The body is highly actionable with executable code and a clear sequenced workflow, but it is somewhat verbose in its concept explanations and fails to route detail into the available bundle reference files.
Suggestions
Trim the 'Key Concepts' section to the non-obvious operational specifics (group IDs, layer schema) and drop explanations of what Tactics/Techniques and the Navigator are.
Move the detailed API usage and Navigator layer schema into references/api-reference.md and workflows.md, and add clearly signaled one-level links from SKILL.md to those bundle files.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The workflow code is lean and earns its place, but the 'Key Concepts' section explains what Tactics/Techniques/Sub-techniques, threat group profiles, and the Navigator are — concepts Claude already knows — so it is mostly efficient with some removable explanation. | 2 / 3 |
Actionability | Five complete, executable Python blocks use the real attackcti API with concrete group IDs (G0016, G0007, G0032) and a fully-specified Navigator layer JSON — copy-paste ready and specific. | 3 / 3 |
Workflow Clarity | A clearly sequenced 5-step workflow with verifiable output at each step and an explicit 'Validation Criteria' checklist; operations are read-only (no destructive/batch work), so the absence of inline fix-retry feedback loops is not penalized. | 3 / 3 |
Progressive Disclosure | Sections are well organized, but the body holds all code inline and the 'References' section lists only external URLs — the provided bundle files (references/api-reference.md, standards.md, workflows.md; scripts/agent.py, process.py) are never signaled, so content that could be split out remains inline. | 2 / 3 |
Total | 10 / 12 Passed |