Content
57%
Reviews the quality of instructions and guidance provided to agents. A good implementation is clear, handles edge cases, and produces reliable results.
The body is a thorough, well-sectioned security reference with concrete code and per-section checklists, but it is overlong and redundant, mixes inconsistent framework examples, and is monolithic with no progressive disclosure into bundle files.
Suggestions
Dedupe the duplicated "When to Use" block and remove the generic filler line; collapse the master checklist to reference the per-section checks instead of repeating them.
Move the per-topic code deep-dives into reference files (e.g., references/secrets.md, references/auth.md) and keep SKILL.md as a concise overview with one-level-deep links.
Fix the inconsistent or non-existent imports so the examples are genuinely copy-paste ready: express-rate-limit is Express middleware and does not drop into a Next.js NextResponse handler; "@/lib/csrf" is a path alias that the skill never defines; and @solana/web3.js exports no "verify" function (Solana wallets sign with ed25519, so use an ed25519 verifier such as tweetnacl or Node's built-in crypto instead).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The ~500-line body is mostly useful but padded: the "When to Use" list is duplicated (top and near the end), a generic filler line ("This skill is applicable to execute the workflow or actions described in the overview") is present, and the master "Pre-Deployment Security Checklist" repeats the per-section "Verification Steps" checklists. | 2 / 3 |
| Actionability | It provides abundant concrete, executable code (zod schemas, parameterized queries, RLS SQL, DOMPurify, rate limiting, npm audit), but a few examples are not copy-paste ready because of hypothetical or inconsistent imports ("@/lib/csrf", express-rate-limit mixed with Next.js NextResponse, "verify" from @solana/web3.js). | 2.5 / 3 |
| Workflow Clarity | Content is organized into 10 numbered sections, each with a "Verification Steps" checklist, plus a master pre-deployment checklist, but there is no true sequenced workflow with feedback loops (validate → fix → retry) for the destructive or batch operations it covers. | 2 / 3 |
| Progressive Disclosure | It is a single monolithic ~500-line file with no bundle files (references/, scripts/ and assets/ are absent) and only external URLs; all ten topic deep-dives are inline when much of this reference material should be split into separate files. | 2 / 3 |
| Total | | 8.5 / 12 (Passed) |