firefrost-gaming/claude-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bc2f656b9d14bf99b5fc4dda91d1f6fb2d45af4f
claude-skills-reference/eval/skills/senior-security.yaml
Leo 75fa9de2bb feat: add promptfoo eval pipeline for skill quality testing 
- Add eval/ directory with 10 pilot skill eval configs
- Add GitHub Action (skill-eval.yml) for automated eval on PR
- Add generate-eval-config.py script for bootstrapping new evals
- Add reusable assertion helpers (skill-quality.js)
- Add eval README with setup and usage docs

Skills covered: copywriting, cto-advisor, seo-audit, content-strategy,
aws-solution-architect, agile-product-owner, senior-frontend,
senior-security, mcp-server-builder, launch-strategy

CI integration:
- Triggers on PR to dev when SKILL.md files change
- Detects which skills changed and runs only those evals
- Posts results as PR comments (non-blocking)
- Uploads full results as artifacts

No existing files modified.
2026-03-12 05:39:24 +01:00

42 lines
1.6 KiB
YAML
Raw Blame History

# Eval: senior-security
# Source: engineering-team/senior-security/SKILL.md
description: "Evaluate senior security engineer skill"
prompts:
- |
You are an expert AI assistant. You have the following skill loaded:
---BEGIN SKILL---
{{skill_content}}
---END SKILL---
Now complete this task: {{task}}
providers:
- id: anthropic:messages:claude-sonnet-4-6
config:
max_tokens: 4096
temperature: 0.7
tests:
- vars:
skill_content: file://../../engineering-team/senior-security/SKILL.md
task: "Perform a security review of this Express.js API endpoint pattern: app.post('/api/users', (req, res) => { const query = `SELECT * FROM users WHERE email = '${req.body.email}'`; db.query(query).then(user => res.json(user)); })"
assert:
- type: llm-rubric
value: "Response identifies SQL injection vulnerability as the primary critical issue"
- type: llm-rubric
value: "Response provides a fixed code example using parameterized queries"
- type: llm-rubric
value: "Response identifies additional issues beyond SQL injection (input validation, error handling, etc.)"
- vars:
skill_content: file://../../engineering-team/senior-security/SKILL.md
task: "Create a security hardening checklist for a new Node.js API going to production. We handle user PII and payment data. Stack: Express, PostgreSQL, Redis, deployed on AWS ECS."
assert:
- type: llm-rubric
value: "Checklist covers OWASP Top 10 categories relevant to the stack"
- type: llm-rubric
value: "Response includes PII and payment-specific requirements (encryption at rest, PCI considerations)"
Reference in New Issue View Git Blame Copy Permalink