senior-security

I was curious about the security-focused angle here, but the fundamentals seem to be missing some depth—let me walk through what I'm seeing at a 40/100 grade and where we could strengthen this.

Links:

• GitHub
• Your agentic skill in the SkillzWave marketplace

The TL;DR

You're at 40/100, landing in F territory. This is based on Anthropic's best practices for agentic skills. Your strongest area is Spec Compliance (12/15)—the frontmatter and naming conventions are solid. The killer is Utility (4/20)—the skill promises a lot but doesn't deliver actual security functionality.

What's Working Well

• Clean metadata structure – Your YAML frontmatter is valid and the skill name follows hyphen-case conventions correctly
• Solid trigger phrases – The description nails discoverability with specific keywords: "penetration tests", "security audits", "cryptography implementation"
• Good spec alignment – You're following the skill format requirements properly; the problem is what's inside

The Big One: Empty Reference and Script Files

This is your main blocker. All three reference files (security_architecture_patterns.md, penetration_testing_guide.md, cryptography_implementation.md) are identical generic templates with placeholder text like "Pattern 1: Best Practice Implementation" and "Detailed explanation of the pattern." Same story with your Python scripts—they're all identical templates where analyze() just returns empty results.

You're promising "Complete toolkit for senior security" but delivering boilerplate. Replace those references with actual security patterns: OAuth 2.0 validation, STRIDE threat modeling, OWASP Top 10 mitigations, AES-256-GCM encryption, SQL injection prevention. The scripts should implement real security scan...