privacy-policy
When the user needs to draft, review, or update a privacy policy for their product, or needs to understand data privacy obligations across jurisdictions.
64
56%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/privacy-policy/SKILL.mdQuality
Discovery
50%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear domain (privacy policies) and lists some actions (draft, review, update), but it lacks specificity about concrete capabilities and outputs. It is structured entirely as a trigger condition without a separate 'what it does' statement, and it misses common natural keywords like 'GDPR', 'CCPA', or 'compliance' that users would likely use.
Suggestions
Add an explicit 'what' statement before the trigger clause, e.g., 'Drafts, reviews, and updates privacy policies with jurisdiction-specific compliance guidance (GDPR, CCPA, etc.).'
Include more natural trigger terms users would say, such as 'GDPR', 'CCPA', 'data protection', 'cookie policy', 'compliance', and 'terms of service'.
List more specific concrete capabilities, such as 'generates jurisdiction-specific clauses, identifies missing disclosures, compares requirements across regulations'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (privacy policy) and some actions (draft, review, update), but lacks specifics about what concrete outputs or capabilities are provided—e.g., does it generate GDPR-compliant text, compare jurisdictions, produce a checklist? The phrase 'understand data privacy obligations' is somewhat vague. | 2 / 3 |
Completeness | The description is structured as a 'when' clause ('When the user needs to...'), which implicitly covers both what and when, but there is no explicit 'what does this do' statement. The 'what' is only implied through the trigger conditions. Per the rubric, a missing explicit 'Use when...' clause or equivalent should cap completeness at 2, and here the 'what' portion is the weak side. | 2 / 3 |
Trigger Term Quality | Includes relevant terms like 'privacy policy', 'data privacy', and 'jurisdictions', but misses common natural variations users might say such as 'GDPR', 'CCPA', 'cookie policy', 'data protection', 'compliance', or 'terms of service'. Coverage is partial. | 2 / 3 |
Distinctiveness Conflict Risk | Privacy policy is a reasonably specific niche, but the mention of 'data privacy obligations across jurisdictions' could overlap with general legal compliance or regulatory skills. It's somewhat distinct but not sharply delineated. | 2 / 3 |
Total | 8 / 12 Passed |
Implementation
62%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured skill with a clear workflow and comprehensive coverage of privacy policy creation. Its main weaknesses are verbosity (restating privacy law basics Claude already knows) and lack of concrete output examples — the skill describes what to produce but doesn't show actual draft policy language. The pre-publication checklist and startup pitfalls sections add genuine, actionable value.
Suggestions
Add at least one concrete example of actual draft policy language (e.g., a sample 'Information We Collect' section) so Claude has a clear template for tone, specificity, and format.
Move the detailed 15-section template descriptions and framework requirements (GDPR articles, CCPA specifics) into a referenced file like PRIVACY-REFERENCE.md to keep the main skill leaner.
Remove explanations of well-known privacy concepts (e.g., what GDPR articles require) and instead focus on startup-specific guidance and decision points that Claude wouldn't already know.
In the Examples section, show actual output snippets rather than describing what good output contains — this would significantly improve actionability.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is fairly comprehensive but includes some unnecessary verbosity. The 15-section template outline is detailed but could be more concise since Claude already understands privacy policy structure. The frameworks section restates well-known GDPR/CCPA requirements that Claude would already know. However, the startup-specific pitfalls and checklist add genuine value. | 2 / 3 |
Actionability | The workflow provides a clear sequence of steps and the output format is well-defined with a 15-section template. However, there are no concrete code examples, no actual draft policy language snippets, and no executable commands. The examples section describes what good output looks like rather than showing actual draft text, making it harder for Claude to produce consistent results. | 2 / 3 |
Workflow Clarity | The 7-step workflow is clearly sequenced from research through compliance summary generation. It includes validation checkpoints like flagging sections for legal review, a pre-publication checklist with specific verification items, and clear guidance on when attorney review is needed. The three-part deliverable structure provides a clear output framework. | 3 / 3 |
Progressive Disclosure | The skill references related skills (terms-of-service, soc2-prep, security-review) which is good, but the content itself is monolithic — all 15 policy sections, frameworks, checklists, and examples are inline in a single file. The frameworks and detailed section descriptions could be split into referenced files to keep the main skill leaner. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- shawnpang/startup-founder-skills
- Commit
4ad31b4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.