pt-analysis-reporting

Produces penetration test reports with executive summary, technical findings, and remediation guidance. Use when consolidating test evidence, prioritizing risk, and preparing stakeholder-ready deliverables.

1.20x

Quality

67%

Does it follow best practices?

Impact

89%

1.20x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./skills/pt-analysis-reporting/SKILL.md

Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a solid structural framework for pen test reporting with a clear workflow and usable template. However, it lacks concrete examples (e.g., a filled-in sample finding), specific frameworks for severity rating, and explicit feedback loops in the workflow. The content sits at an instructional level that Claude could largely generate on its own without this skill.

Suggestions

Add a concrete, filled-in example finding (with realistic severity, evidence, reproduction steps, and remediation) to make the template actionable rather than just structural.

Specify a severity rating framework (e.g., CVSS scoring or a custom risk matrix) rather than leaving 'Severity:' as an empty placeholder.

Add explicit feedback loops to the workflow, e.g., 'If QA reveals unsupported claims, return to step 3 to gather additional evidence or revise the finding.'

Extract the report template into a separate referenced file (e.g., TEMPLATE.md) to improve progressive disclosure and keep the main skill focused on workflow guidance.

Dimension	Reasoning	Score
Conciseness	The content is reasonably efficient but includes some unnecessary framing (e.g., 'Objectives' section restates what Claude would already understand about pen test reporting). The template and workflow are useful but could be tighter.	2 / 3
Actionability	Provides a structured template and workflow steps, which is helpful, but guidance remains at the level of general instructions rather than concrete, executable examples. No sample filled-in findings, no specific severity rating frameworks (e.g., CVSS), and remediation guidance is generic placeholder text rather than illustrative examples.	2 / 3
Workflow Clarity	The 5-step workflow is clearly sequenced and includes a final QA step, but validation checkpoints are only at the end rather than integrated throughout. There's no explicit feedback loop (e.g., if QA fails, go back to step X), and the QA step itself is vague ('validate evidence links' without specifying how).	2 / 3
Progressive Disclosure	Content is reasonably organized with clear sections (Workflow, Template, Quality Checks), but everything is inline in a single file. The template section is lengthy and could be referenced as a separate file. No references to supplementary materials for methodology details, severity frameworks, or example reports.	2 / 3
	Total	8 / 12 Passed

Description

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted description that clearly defines both the skill's purpose and when to use it. It lists specific deliverables and activities, and occupies a distinct niche. The main weakness is that it could include more natural trigger term variations (e.g., 'pentest', 'vulnerability report', 'security assessment') to improve discoverability.

Suggestions

Add common synonyms and abbreviations users might use, such as 'pentest', 'pen test', 'vulnerability report', 'security assessment report', or 'infosec findings'.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: 'executive summary, technical findings, and remediation guidance' as well as 'consolidating test evidence, prioritizing risk, and preparing stakeholder-ready deliverables.' These are concrete, well-defined outputs and activities.	3 / 3
Completeness	Clearly answers both 'what' (produces penetration test reports with executive summary, technical findings, remediation guidance) and 'when' (use when consolidating test evidence, prioritizing risk, preparing stakeholder-ready deliverables) with an explicit 'Use when...' clause.	3 / 3
Trigger Term Quality	Includes relevant terms like 'penetration test reports', 'executive summary', 'remediation guidance', 'risk', and 'stakeholder-ready deliverables', but misses common user variations such as 'pentest', 'pen test', 'vulnerability report', 'security assessment', or 'findings report' that users would naturally say.	2 / 3
Distinctiveness Conflict Risk	The description carves out a clear niche around penetration testing reports specifically, with distinct triggers like 'test evidence', 'remediation guidance', and 'stakeholder-ready deliverables' that are unlikely to conflict with general reporting or security analysis skills.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: santosomar/ethical-hacking-agent-skills
Commit: 9976e81

Reviewed: 2 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.