auditing-azure-active-directory-configuration

Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies, overly permissive role assignments, stale accounts, conditional access gaps, and guest user risks using AzureAD PowerShell, Microsoft Graph API, and ScoutSuite.

69

Quality: 62% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/auditing-azure-active-directory-configuration/SKILL.md

Quality

Discovery: 82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong description with excellent specificity, rich trigger terms, and a clearly distinct niche in Azure AD security auditing. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill over others.

Suggestions

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks to audit Azure AD, review Entra ID security posture, check conditional access policies, or assess identity-related risks in Azure environments.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: auditing authentication policies, identifying risky role assignments, stale accounts, conditional access gaps, and guest user risks. Also names specific tools: AzureAD PowerShell, Microsoft Graph API, and ScoutSuite. | 3 / 3 |
| Completeness | The 'what' is clearly answered with specific auditing actions and tools, but there is no explicit 'Use when...' clause or equivalent trigger guidance telling Claude when to select this skill. Per rubric guidelines, this caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Excellent coverage of natural keywords users would say: 'Entra ID', 'Azure Active Directory', 'authentication policies', 'role assignments', 'stale accounts', 'conditional access', 'guest user', 'AzureAD PowerShell', 'Microsoft Graph API', 'ScoutSuite'. These are terms a user working in this domain would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche targeting Microsoft Entra ID / Azure AD security auditing with specific tools and risk categories. Very unlikely to conflict with other skills given the narrow domain focus. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Implementation: 42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill excels in actionability with concrete, executable commands across PowerShell and Azure CLI, but suffers significantly from verbosity and poor progressive disclosure. It explains concepts Claude already knows (Entra ID definitions, tool descriptions), includes time-sensitive hardcoded dates in queries, and packs everything into a single monolithic file rather than splitting reference material into linked documents.

Suggestions

Remove the 'Key Concepts' table and 'Tools & Systems' section entirely—Claude already knows these terms and tools, and they consume significant tokens without adding actionable value.

Extract the 'Common Scenarios' section and 'Output Format' into separate referenced files (e.g., SCENARIOS.md, REPORT_TEMPLATE.md) to reduce the main skill's token footprint.

Add validation checkpoints after key steps, such as verifying Graph API connection succeeded, confirming sufficient permissions before proceeding, and cross-checking findings (e.g., 'Verify stale account count matches expectations before reporting').

Replace hardcoded dates in sign-in log queries (e.g., '2026-02-16T00:00:00Z') with dynamic date calculation examples to avoid time-sensitive content that will become stale.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is excessively verbose at ~200+ lines. It includes a 'Key Concepts' table explaining terms like 'Microsoft Entra ID' and 'Conditional Access' that Claude already knows, a 'Tools & Systems' section describing well-known tools, and a lengthy scenario walkthrough that largely restates the workflow steps. The 'When to Use' and 'Do not use' sections also over-explain. | 1 / 3 |
| Actionability | The skill provides fully executable PowerShell and Azure CLI commands throughout all steps. Commands are copy-paste ready with specific Graph API endpoints, query filters, and output formatting. The code examples are concrete and complete. | 3 / 3 |
| Workflow Clarity | The six steps are clearly sequenced and logically ordered, but there are no validation checkpoints or feedback loops between steps. For a security audit involving potentially destructive remediation recommendations and complex multi-step API queries, there's no guidance on verifying command output, handling errors (e.g., insufficient permissions), or confirming findings before proceeding. | 2 / 3 |
| Progressive Disclosure | The content is a monolithic wall of text with no references to external files. The Key Concepts table, Tools & Systems section, Common Scenarios, and Output Format could all be split into separate reference files. Everything is inlined, making the skill unnecessarily long for the SKILL.md overview level. | 1 / 3 |
| Total | | 7 / 12 |

Passed

Validation: 90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 |

Passed

Repository: mukul975/Anthropic-Cybersecurity-Skills (Reviewed)
