simplify-and-harden-ci

CI-only Simplify & Harden workflow for pull requests using gh-aw (GitHub Agentic Workflows). Runs headless scan-and-report checks for simplify/harden/document, posts structured findings, and can block merges on critical or advisory classes. Use when: you want automated quality/security review in CI without interactive approvals.

63

Quality

73%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Advisory

Suggest reviewing before use

Fix and improve this skill with Tessl

tessl review fix ./skills/simplify-and-harden-ci/SKILL.md

Quality

Content

62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a well-structured CI workflow with clear sequencing, explicit contracts, and good separation of concerns between CI and interactive modes. Its main weaknesses are the missing bundle file for the workflow example template (which is critical for actionability) and some verbosity in sections like Context Limitation that explain things Claude would already understand. The structured output format is described but never shown with a concrete YAML example.

Suggestions

Provide the `references/workflow-example.md` bundle file or inline a minimal but complete gh-aw workflow example so the skill is actionable without external dependencies.

Add a concrete example of the expected `simplify_and_harden` YAML output schema so Claude knows exactly what structure to emit.

Trim the 'Context Limitation' section to a single sentence or merge it into the CI Contract as a constraint, since Claude understands CI context limitations.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is mostly efficient but includes some unnecessary explanation (e.g., the 'Context Limitation' section explaining that CI agents lack implementation context is somewhat obvious to Claude, and the parenthetical explanation about .md extension for gh-aw workflows adds bulk). The purpose section's bullet points are tight, but overall could be tightened. | 2 / 3 |
| Actionability | Provides concrete CLI commands for installation, compilation, and running workflows, plus a full prompt template. However, the actual workflow file content is deferred to a reference file (`references/workflow-example.md`) that isn't provided in the bundle, making the authoring workflow incomplete. The prompt template is text, not an executable artifact, and the YAML output schema is described but never shown concretely. | 2 / 3 |
| Workflow Clarity | The authoring workflow is clearly sequenced (copy template → compile/validate → run/push → check status). The CI contract explicitly defines scope lock, headless execution, structured output, and gate policy. The prompt template includes a clear ordered sequence with validation steps (re-read with fresh eyes before reporting). The separation between 'do not auto-apply' and 'escalate ambiguous findings' provides error recovery guidance. | 3 / 3 |
| Progressive Disclosure | References `references/workflow-example.md` for the workflow template and `.learnings/LEARNINGS.md` for self-improvement integration, which is good progressive disclosure in principle. However, no bundle files are provided, so the referenced workflow example is unavailable, making the skill incomplete in isolation. The inline prompt template is lengthy and could potentially be in a reference file. | 2 / 3 |
| Total | | 9 / 12 |

Passed

Description

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong description that clearly communicates specific capabilities and includes an explicit 'Use when' clause. Its main weakness is reliance on specialized terminology (gh-aw, headless scan-and-report, advisory classes) that may not match natural user language. The description is concise, uses third person voice correctly, and carves out a distinct niche.

Suggestions

Add more natural trigger terms users might say, such as 'PR checks', 'automated code review', 'GitHub Actions CI', or 'merge gate' to improve discoverability.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'runs headless scan-and-report checks for simplify/harden/document', 'posts structured findings', 'can block merges on critical or advisory classes'. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (CI workflow for scan-and-report checks, posting findings, blocking merges) and 'when' with an explicit 'Use when:' clause specifying 'automated quality/security review in CI without interactive approvals'. | 3 / 3 |
| Trigger Term Quality | Includes some relevant terms like 'CI', 'pull requests', 'quality/security review', 'block merges', but relies on specialized jargon like 'gh-aw', 'headless scan-and-report', and 'advisory classes' that users may not naturally use. Missing common variations like 'PR checks', 'automated code review', 'GitHub Actions'. | 2 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche: CI-only workflow using gh-aw for pull request quality/security checks. The combination of 'CI-only', 'gh-aw', 'simplify/harden', and 'headless' makes it very unlikely to conflict with other skills. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
pskoett/pskoett-ai-skills
Reviewed
