defense-in-depth-validation

Validate at every layer data passes through to make bugs impossible. Use when invalid data causes failures deep in execution, requiring validation at multiple system layers.

64

Quality

76%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./plugins/defense-in-depth-validation/skills/defense-in-depth-validation/SKILL.md

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured skill that provides concrete, actionable guidance for implementing defense-in-depth validation. Its main strength is the clear four-layer framework with executable TypeScript examples and a real-world walkthrough. Minor weakness is some motivational/explanatory text that could be trimmed since Claude doesn't need convincing about why validation matters.

Suggestions

Trim the 'Why Multiple Layers' section to just the bullet list of what each layer catches—remove the 'Single validation vs Multiple layers' comparison as it's motivational rather than instructional.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is mostly efficient but includes some unnecessary explanatory text that Claude would already understand, such as the 'Why Multiple Layers' section explaining the difference between single and multiple validation. The 'Key Insight' section at the end also restates what was already demonstrated. However, the code examples are lean and the overall structure is reasonable. | 2 / 3 |
| Actionability | The skill provides fully executable TypeScript code examples for each of the four validation layers, with concrete patterns that can be directly applied. The 'Applying the Pattern' section gives a clear 4-step process, and the real-world example traces a specific bug through all layers with concrete fixes. | 3 / 3 |
| Workflow Clarity | The 'Applying the Pattern' section provides a clear 4-step sequence (trace → map → add → test), and the example demonstrates the complete workflow from bug discovery through resolution. Step 4 explicitly includes a validation/testing checkpoint ('Try to bypass layer 1, verify layer 2 catches it'), providing a feedback loop for verification. | 3 / 3 |
| Progressive Disclosure | For a standalone skill with no bundle files, the content is well-organized with clear section headers, a concise overview, four distinct layers each with their own subsection, and a practical example. The length is appropriate (~100 lines) and doesn't need external references. Content is logically structured for easy scanning. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Description

67%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description has a clear structure with both 'what' and 'when' clauses, which is its strongest aspect. However, it lacks specific concrete actions (what kinds of validation, at which layers) and uses aspirational language ('make bugs impossible') instead of precise capabilities. The trigger terms are adequate but miss many natural variations users might employ when seeking validation help.

Suggestions

Add specific concrete actions such as 'Add input schema validation, type guards, boundary checks, and API response sanitization across controller, service, and data layers'.

Include more natural trigger terms users would say, such as 'input validation', 'type checking', 'schema validation', 'defensive programming', 'data integrity', or 'sanitize inputs'.

Replace the aspirational claim 'make bugs impossible' with a concrete outcome like 'catch invalid data early before it propagates through the system'.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description names a domain (data validation across layers) and a general action ('validate at every layer data passes through'), but lacks specific concrete actions like 'add type checks', 'validate input schemas', 'sanitize API responses', etc. The phrase 'make bugs impossible' is aspirational fluff rather than a concrete capability. | 2 / 3 |
| Completeness | The description explicitly answers both 'what' (validate at every layer data passes through) and 'when' ('Use when invalid data causes failures deep in execution, requiring validation at multiple system layers'), with a clear 'Use when...' clause providing trigger guidance. | 3 / 3 |
| Trigger Term Quality | Includes some relevant terms like 'validation', 'invalid data', 'failures', and 'system layers', but misses many natural user phrases like 'input validation', 'schema validation', 'type checking', 'sanitization', 'defensive programming', 'data integrity', or 'boundary checks'. | 2 / 3 |
| Distinctiveness Conflict Risk | The concept of 'validation' is fairly broad and could overlap with skills related to testing, error handling, type systems, or input sanitization. The multi-layer aspect adds some distinctiveness, but 'data validation' is a common concern across many skill domains. | 2 / 3 |
| Total | | 9 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
secondsky/claude-skills
Reviewed
