pt-gaining-access

Guides controlled exploitation of validated vulnerabilities to measure real-world impact. Use when the user requests proof-of-concept validation, privilege escalation testing, or attack path confirmation in an authorized environment.

1.50x

Quality

83%

Does it follow best practices?

Impact

96%

1.50x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, concise skill for guiding controlled exploitation during penetration testing. Its strengths are clear workflow sequencing with safety boundaries and a useful output template. Its main weakness is the lack of concrete, executable examples (specific tool commands or sample exploit scenarios) that would make the guidance more immediately actionable.

Suggestions

Add 1-2 concrete examples with specific tool commands (e.g., a Metasploit module usage, a curl command for a web vuln) to demonstrate what 'minimal payloads' and 'controlled validation' look like in practice.

Add cross-references to related skills or documents (e.g., scanning/enumeration phase, post-exploitation, rules of engagement template) to improve progressive disclosure and workflow continuity.

Dimension	Reasoning	Score
Conciseness	The content is lean and efficient. It avoids explaining what penetration testing is or how exploits work—concepts Claude already knows. Every section serves a clear purpose with no padding.	3 / 3
Actionability	The workflow provides clear procedural guidance and the output template is concrete and copy-paste ready. However, there are no executable code examples, specific tool commands (e.g., Metasploit, sqlmap), or concrete exploit examples—the guidance remains at the instructional level without specific technical commands.	2 / 3
Workflow Clarity	The 5-step workflow is clearly sequenced with explicit safety checkpoints (confirm preconditions and rollback plan, define PoC boundaries before execution, assess blast radius after exploitation). The quality checks section serves as a validation checklist, and the workflow includes containment recommendations as a feedback mechanism.	3 / 3
Progressive Disclosure	The content is well-structured with clear sections and an output template, but it's entirely self-contained with no references to related materials (e.g., scanning phase skill, post-exploitation skill, rules of engagement templates). For a skill that references 'prioritized, in-scope findings from scanning' and 'handoff,' links to adjacent skills would improve navigation.	2 / 3
	Total	10 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted description with a clear 'Use when' clause, strong domain-specific trigger terms, and a distinct niche in offensive security testing. The main weakness is that the 'what' portion could be slightly more specific about the concrete actions performed (e.g., payload crafting, lateral movement simulation, credential harvesting) rather than the somewhat abstract 'guides controlled exploitation to measure real-world impact.'

Suggestions

Add 2-3 more concrete actions to the 'what' clause, such as 'crafts payloads, simulates lateral movement, tests credential harvesting' to increase specificity.

Dimension	Reasoning	Score
Specificity	Names the domain (exploitation/vulnerability testing) and some actions (proof-of-concept validation, privilege escalation testing, attack path confirmation), but the primary clause 'guides controlled exploitation of validated vulnerabilities to measure real-world impact' is somewhat abstract rather than listing multiple concrete discrete actions.	2 / 3
Completeness	Clearly answers both 'what' (guides controlled exploitation of validated vulnerabilities to measure real-world impact) and 'when' (explicit 'Use when' clause specifying proof-of-concept validation, privilege escalation testing, or attack path confirmation in an authorized environment).	3 / 3
Trigger Term Quality	Includes strong natural trigger terms that a user in this domain would actually say: 'proof-of-concept validation', 'privilege escalation testing', 'attack path confirmation', 'exploitation', 'validated vulnerabilities', and 'authorized environment'. These cover the key phrases a penetration tester would use.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive niche focused specifically on exploitation and post-validation attack confirmation, clearly distinguishable from vulnerability scanning, reporting, or general security skills. The terms 'exploitation', 'privilege escalation', and 'attack path confirmation' carve out a clear niche.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: santosomar/ethical-hacking-agent-skills
Commit: 9976e81

Reviewed: 2 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.