CtrlK
BlogDocsLog inGet started
Tessl Logo

building-identity-governance-lifecycle-process

Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation, role mining, access request workflows, periodic recertification, and orphaned account remediation using IGA platforms. Activates for requests involving identity lifecycle management, JML processes, role-based access provisioning, or identity governance program design.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with real executable code and a clear step sequence, but it is token-heavy, omits validation feedback loops for destructive identity operations, and fails to point to its own bundle files. Tightening inline code and adding verification checkpoints would lift the weaker dimensions.

Suggestions

Add explicit validation/verification checkpoints for destructive steps (e.g., confirm identity correlation and dry-run before disabling accounts or revoking access), with a validate→fix→retry loop.

Reference the bundle files from the body — point to scripts/agent.py for runnable scanning and references/api-reference.md for API details — and move the largest inline design blocks into those files.

Trim the illustrative state-machine and class blocks to the essential fields, keeping the body lean while preserving the executable examples.

DimensionReasoningScore

Conciseness

The body is ~660 lines with several large embedded Python design blocks (e.g., the full IDENTITY_LIFECYCLE state-machine dict and multi-class implementations) that read as design specs; useful but tighter than needed and token-heavy, matching the 'mostly efficient but could be tightened' anchor rather than the lean top anchor.

2 / 3

Actionability

Provides concrete, largely executable Python throughout (Workday connector, role mining, access-request engine, orphaned-account detector) plus a fully runnable scripts/agent.py with argparse and env-var config, meeting the 'fully executable, copy-paste ready' anchor despite some template placeholders.

3 / 3

Workflow Clarity

Steps are clearly sequenced (define states → source integration → role mining → access request → orphaned detection), but these destructive/batch identity operations (account disablement, access revocation, termination) lack explicit validation checkpoints and validate→fix→retry feedback loops, which per the rubric caps this dimension at 2.

2 / 3

Progressive Disclosure

Bundle files exist (references/api-reference.md, scripts/agent.py) but the body never signals or links them, and large inline code that could live in those files is not split out — matching the 'references present but not clearly signaled; content that should be separate is inline' anchor.

2 / 3

Total

9

/

12

Passed

Description

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, complete, and well-scoped, clearly stating capabilities and an explicit activation trigger. Its only weakness is trigger-term naturalness, which leans on professional jargon over the phrasing a casual user would say.

Suggestions

Add more user-natural trigger terms such as 'onboarding/offboarding', 'access reviews/recertification', and 'orphaned accounts' alongside the professional phrasing.

Spell out the 'JML' abbreviation in the trigger clause (e.g., 'joiner-mover-leaver (JML)') so non-specialist users match it.

DimensionReasoningScore

Specificity

Names multiple concrete actions — 'joiner-mover-leaver automation, role mining, access request workflows, periodic recertification, and orphaned account remediation' — matching the 'lists multiple specific concrete actions' anchor.

3 / 3

Completeness

Explicitly answers both what (the listed capabilities) and when via the 'Activates for requests involving...' trigger clause, matching the top anchor.

3 / 3

Trigger Term Quality

Includes relevant terms ('identity lifecycle management, JML processes, role-based access provisioning, identity governance program design') but leans professional/jargon ('JML') and omits common natural variations like onboarding/offboarding, access reviews, or orphaned accounts as triggers.

2 / 3

Distinctiveness Conflict Risk

Targets a clear niche — IGA-platform identity governance lifecycle — with distinct triggers unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

skill_md_line_count

SKILL.md is long (726 lines); consider splitting into references/ and linking

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.