Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
55
62%: Does it follow best practices?
Impact: — (No eval scenarios have been run)
Passed: No known issues
Optimize this skill with Tessl
`npx tessl skill review --optimize ./skills/attack-tree-construction/SKILL.md`
Quality
Discovery
89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description with a clear 'Use when...' clause, good trigger terms from the security/threat modeling domain, and a distinct niche. Its main weakness is that the 'what' portion could be more specific about the concrete actions performed (e.g., generating tree diagrams, ranking attack likelihood, suggesting mitigations) rather than staying at a slightly abstract level.
Suggestions
Add more specific concrete actions to the 'what' portion, e.g., 'enumerate attack vectors, rank threat likelihood, generate tree diagrams, and suggest mitigations' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | It names the domain (attack trees, threat paths) and a primary action (build comprehensive attack trees), but doesn't list multiple specific concrete actions like 'enumerate threat actors, rank risk severity, generate mitigation recommendations.' The additional phrases like 'visualize threat paths' and 'identifying defense gaps' are somewhat concrete but lean more toward outcomes than discrete actions. | 2 / 3 |
| Completeness | Clearly answers both 'what' (build comprehensive attack trees to visualize threat paths) and 'when' (Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders) with an explicit 'Use when...' clause. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'attack trees', 'threat paths', 'attack scenarios', 'defense gaps', 'security risks', 'stakeholders'. These cover a good range of terms a user working in threat modeling would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Attack trees are a very specific security analysis technique, making this clearly distinguishable from general security skills, risk assessment skills, or other threat modeling approaches. The trigger terms are niche enough to avoid conflicts. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
35%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a high-level outline for attack tree construction but lacks the concrete, actionable guidance needed to be useful. The instructions read more like a checklist of abstract concepts than executable steps — there are no example attack trees, no output format specifications, no annotation templates, and no sample inputs/outputs. The referenced implementation playbook is not provided, leaving the skill hollow.
Suggestions
Add a concrete example showing a small attack tree with root node, AND/OR decomposition, and annotated leaves (cost, skill, time, detectability) so Claude knows exactly what output format to produce.
Include a specific output format or template (e.g., Mermaid diagram, markdown tree, or structured JSON) that defines what a completed attack tree looks like.
Provide the referenced `resources/implementation-playbook.md` bundle file, or inline the most critical patterns and templates directly in the skill body.
Add a validation step after tree construction (e.g., 'Verify every leaf has cost/skill/time/detectability annotations and every branch has at least one mitigation mapped') to create a feedback loop.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is relatively brief but includes some unnecessary sections like 'Do not use this skill when' and 'Limitations' that largely restate obvious constraints Claude already understands. The safety and limitations sections are somewhat boilerplate. | 2 / 3 |
| Actionability | The instructions are vague and abstract — 'Decompose into sub-goals with AND/OR structure' and 'Annotate leaves with cost, skill, time, and detectability' provide no concrete examples, templates, output formats, or executable steps. There are no example attack trees, no sample annotations, and no concrete guidance on what the output should look like. | 1 / 3 |
| Workflow Clarity | There is a sequential list of steps (confirm scope → decompose → annotate → map mitigations → open playbook), but the steps lack validation checkpoints, feedback loops, and specificity. For a multi-step analytical process, there's no guidance on how to verify correctness at each stage or iterate. | 2 / 3 |
| Progressive Disclosure | The skill references `resources/implementation-playbook.md` for detailed patterns and templates, which is appropriate progressive disclosure. However, no bundle files were provided, so the referenced resource doesn't actually exist, undermining the reference's value. The main file itself is thin enough that it could benefit from inline examples rather than deferring everything to a missing file. | 2 / 3 |
| Total | 7 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
45bad85