pt-gaining-access
Guides controlled exploitation of validated vulnerabilities to measure real-world impact. Use when the user requests proof-of-concept validation, privilege escalation testing, or attack path confirmation in an authorized environment.
94
92%
Does it follow best practices?
Impact
96%
1.50xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It clearly defines the exploitation/validation phase of penetration testing with specific activities, includes natural trigger terms security professionals would use, and explicitly states both what the skill does and when to use it. The 'authorized environment' qualifier adds important context and further distinguishes it from other security-related skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'controlled exploitation of validated vulnerabilities', 'proof-of-concept validation', 'privilege escalation testing', and 'attack path confirmation'. These are distinct, actionable security testing activities. | 3 / 3 |
Completeness | Clearly answers both what ('Guides controlled exploitation of validated vulnerabilities to measure real-world impact') and when ('Use when the user requests proof-of-concept validation, privilege escalation testing, or attack path confirmation in an authorized environment'). | 3 / 3 |
Trigger Term Quality | Includes natural keywords security professionals would use: 'proof-of-concept', 'privilege escalation', 'attack path', 'exploitation', 'vulnerabilities', 'authorized environment'. These are standard penetration testing terminology users would naturally employ. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche focused on exploitation/post-validation testing phase. The emphasis on 'validated vulnerabilities', 'authorized environment', and specific activities like 'privilege escalation' clearly distinguishes it from vulnerability scanning or general security skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
85%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured penetration testing skill with excellent workflow clarity and appropriate conciseness. The main weakness is limited actionability - while the procedural guidance is clear, the skill would benefit from concrete tool commands or example exploitation techniques rather than purely conceptual steps.
Suggestions
Add concrete command examples for common exploitation scenarios (e.g., specific Metasploit commands, curl requests for web vulnerabilities, or privilege escalation techniques)
Include a brief example of a completed output template showing what actual evidence capture looks like
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding unnecessary explanations of penetration testing concepts Claude already knows. Every section serves a clear purpose with no padding or verbose descriptions. | 3 / 3 |
Actionability | Provides clear procedural guidance and a useful output template, but lacks concrete code examples, specific commands, or executable payloads. The workflow describes what to do conceptually rather than showing exact commands or tool usage. | 2 / 3 |
Workflow Clarity | Clear 5-step sequence with explicit validation checkpoints (confirm preconditions, assess blast radius, quality checks). Includes safety boundaries, rollback planning, and a feedback loop for containment recommendations. | 3 / 3 |
Progressive Disclosure | For a skill under 50 lines with no need for external references, the content is well-organized with clear sections (Objectives, Workflow, Output Template, Quality Checks). Structure is appropriate for the scope. | 3 / 3 |
Total | 11 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- santosomar/ethical-hacking-agent-skills
- Commit
a8ff73a
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.