privacy-policy

When the user needs to draft, review, or update a privacy policy for their product, or needs to understand data privacy obligations across jurisdictions.

Quality

56%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Fix and improve this skill with Tessl

tessl review fix ./skills/privacy-policy/SKILL.md

Quality

Content

62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured skill with a clear workflow and comprehensive coverage of privacy policy creation. Its main weaknesses are verbosity (restating privacy law basics Claude already knows) and lack of concrete output examples — the skill describes what to produce but doesn't show actual draft policy language. The pre-publication checklist and startup pitfalls sections add genuine, actionable value.

Suggestions

Add at least one concrete example of actual draft policy language (e.g., a sample 'Information We Collect' section) so Claude has a clear template for tone, specificity, and format.

Move the detailed 15-section template descriptions and framework requirements (GDPR articles, CCPA specifics) into a referenced file like PRIVACY-REFERENCE.md to keep the main skill leaner.

Remove explanations of well-known privacy concepts (e.g., what GDPR articles require) and instead focus on startup-specific guidance and decision points that Claude wouldn't already know.

In the Examples section, show actual output snippets rather than describing what good output contains — this would significantly improve actionability.

Dimension	Reasoning	Score
Conciseness	The skill is fairly comprehensive but includes some unnecessary verbosity. The 15-section template outline is detailed but could be more concise since Claude already understands privacy policy structure. The frameworks section restates well-known GDPR/CCPA requirements that Claude would already know. However, the startup-specific pitfalls and checklist add genuine value.	2 / 3
Actionability	The workflow provides a clear sequence of steps and the output format is well-defined with a 15-section template. However, there are no concrete code examples, no actual draft policy language snippets, and no executable commands. The examples section describes what good output looks like rather than showing actual draft text, making it harder for Claude to produce consistent results.	2 / 3
Workflow Clarity	The 7-step workflow is clearly sequenced from research through compliance summary generation. It includes validation checkpoints like flagging sections for legal review, a pre-publication checklist with specific verification items, and clear guidance on when attorney review is needed. The three-part deliverable structure provides a clear output framework.	3 / 3
Progressive Disclosure	The skill references related skills (terms-of-service, soc2-prep, security-review) which is good, but the content itself is monolithic — all 15 policy sections, frameworks, checklists, and examples are inline in a single file. The frameworks and detailed section descriptions could be split into referenced files to keep the main skill leaner.	2 / 3
	Total	9 / 12 Passed

Description

50%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description identifies a clear domain (privacy policies) and lists some actions (draft, review, update), but it lacks specificity about concrete capabilities and outputs. It is structured entirely as a trigger condition without a separate 'what it does' statement, and it misses common natural keywords like 'GDPR', 'CCPA', or 'compliance' that users would likely use.

Suggestions

Add an explicit 'what' statement before the trigger clause, e.g., 'Drafts, reviews, and updates privacy policies with jurisdiction-specific compliance guidance (GDPR, CCPA, etc.).'

Include more natural trigger terms users would say, such as 'GDPR', 'CCPA', 'data protection', 'cookie policy', 'compliance', and 'terms of service'.

List more specific concrete capabilities, such as 'generates jurisdiction-specific clauses, identifies missing disclosures, compares requirements across regulations'.

Dimension	Reasoning	Score
Specificity	Names the domain (privacy policy) and some actions (draft, review, update), but lacks specifics about what concrete outputs or capabilities are provided—e.g., does it generate GDPR-compliant text, compare jurisdictions, produce a checklist? The phrase 'understand data privacy obligations' is somewhat vague.	2 / 3
Completeness	The description is structured as a 'when' clause ('When the user needs to...'), which implicitly covers both what and when, but there is no explicit 'what does this do' statement. The 'what' is only implied through the trigger conditions. Per the rubric, a missing explicit 'Use when...' clause or equivalent should cap completeness at 2, and here the 'what' portion is the weak side.	2 / 3
Trigger Term Quality	Includes relevant terms like 'privacy policy', 'data privacy', and 'jurisdictions', but misses common natural variations users might say such as 'GDPR', 'CCPA', 'cookie policy', 'data protection', 'compliance', or 'terms of service'. Coverage is partial.	2 / 3
Distinctiveness Conflict Risk	Privacy policy is a reasonably specific niche, but the mention of 'data privacy obligations across jurisdictions' could overlap with general legal compliance or regulatory skills. It's somewhat distinct but not sharply delineated.	2 / 3
	Total	8 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: shawnpang/startup-founder-skills
Commit: 4ad31b4

Reviewed: 3 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.