simplify-and-harden-ci
CI-only Simplify & Harden workflow for pull requests using gh-aw (GitHub Agentic Workflows). Runs headless scan-and-report checks for simplify/harden/document, posts structured findings, and can block merges on critical or advisory classes. Use when: you want automated quality/security review in CI without interactive approvals.
77
71%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/simplify-and-harden-ci/SKILL.mdQuality
Discovery
85%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description that clearly defines its niche (CI-only automated quality/security review via gh-aw) with specific actions and an explicit 'Use when' clause. Its main weakness is the use of somewhat technical jargon that may not match how users naturally phrase requests, and the second-person 'you want' in the trigger clause is a minor style issue though it doesn't significantly harm clarity.
Suggestions
Replace second-person 'you want' in the 'Use when' clause with third-person phrasing, e.g., 'Use when automated quality/security review is needed in CI without interactive approvals'.
Add more natural trigger terms users might say, such as 'PR checks', 'automated code review', 'GitHub Actions pipeline', or 'CI/CD security scanning'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'runs headless scan-and-report checks for simplify/harden/document', 'posts structured findings', 'can block merges on critical or advisory classes'. These are concrete, actionable capabilities. | 3 / 3 |
Completeness | Clearly answers both what ('runs headless scan-and-report checks, posts structured findings, can block merges') and when ('Use when: you want automated quality/security review in CI without interactive approvals'). The explicit 'Use when' clause is present. | 3 / 3 |
Trigger Term Quality | Includes some relevant terms like 'CI', 'pull requests', 'quality/security review', 'block merges', and 'gh-aw', but uses fairly technical jargon ('headless scan-and-report', 'advisory classes') and misses common user phrases like 'PR checks', 'automated code review', 'GitHub Actions', or 'pipeline'. | 2 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: CI-only workflow using gh-aw for pull requests, specifically for simplify/harden/document checks. The combination of 'CI-only', 'gh-aw', and 'headless' makes it very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a reasonably well-structured CI skill that clearly defines its scope and contract, with good progressive disclosure and a useful prompt template. However, it falls short on actionability by not including a concrete workflow example or output schema inline, and the workflow clarity lacks explicit validation/error-recovery steps for the CI execution path itself. Some content is mildly redundant across sections.
Suggestions
Include a concrete example of the expected `simplify_and_harden` YAML output schema so Claude knows exactly what structure to emit.
Either inline a minimal but complete gh-aw workflow example or show the key workflow file content rather than only referencing an external file.
Add explicit error-recovery steps for CI failures: what to do when the check fails, how to review and resolve findings, and how to re-trigger the workflow.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Generally efficient but includes some sections that could be tightened. The 'Context Limitation' section explains concepts Claude can infer, and some bullet points restate what's already implied by the CI contract. The 'Purpose' bullets partially overlap with the CI Contract section. | 2 / 3 |
Actionability | Provides concrete CLI commands for setup and compilation, and a full prompt template, but the actual workflow file content is deferred to a reference file ('references/workflow-example.md') that isn't shown. The YAML output schema is described but never concretely exemplified, making it harder to produce the exact expected output. | 2 / 3 |
Workflow Clarity | The authoring workflow has a clear 4-step sequence with compile/validate, but lacks explicit validation checkpoints for the CI execution itself. There's no feedback loop for what to do when the CI check fails or when findings are ambiguous beyond 'escalate to interactive review'. For a workflow involving merge-blocking operations, the absence of error recovery steps caps this at 2. | 2 / 3 |
Progressive Disclosure | Well-structured with clear sections progressing from purpose to prerequisites to contract to authoring to prompt template. References the workflow example in a separate file and the interactive variant skill appropriately. Navigation is straightforward and one level deep. | 3 / 3 |
Total | 9 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- pskoett/pskoett-ai-skills
- Commit
d6c68fa
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.