itsmostafa · popey · Feb 25, 2026 · Feb 25, 2026 · Feb 25, 2026
diff --git a/PR_DESCRIPTION.md b/PR_DESCRIPTION.md
@@ -0,0 +1,50 @@
+Hullo @itsmostafa 👋
+
+I ran your skills through `tessl skill review` at work and found some targeted improvements. Here's the before/after:
+
+| Skill | Before | After | Change |
+|-------|--------|-------|--------|
+| rds | 74% | 100% | +26% |
+| eventbridge | 77% | 100% | +23% |
+| bedrock | 74% | 94% | +20% |
+| sns | 75% | 94% | +19% |
+| ec2 | 83% | 100% | +17% |
+| dynamodb | 75% | 90% | +15% |
+| step-functions | 77% | 90% | +13% |
+| lambda | 83% | 94% | +11% |
+| s3 | 83% | 94% | +11% |
+| iam | 83% | 94% | +11% |
+| cloudwatch | 83% | 94% | +11% |
+| ecs | 83% | 94% | +11% |
+| eks | 83% | 94% | +11% |
+| secrets-manager | 83% | 94% | +11% |
+| cognito | 83% | 90% | +7% |
+| api-gateway | 90% | 94% | +4% |
+| sqs | 89% | 90% | +1% |
+| cloudformation | 90% | 90% | +0% |
+
+<details>
+<summary>Changes made</summary>
+
+**Across all 18 skills:**
+- Removed introductory paragraphs explaining what each service is (Claude already knows)
+- Removed Table of Contents sections (unnecessary token overhead for agents)
+- Trimmed Core Concepts sections where they explained fundamentals Claude already understands
+- Moved `last_updated` and `doc_source` frontmatter keys to `metadata:` block (fixes validation warnings)
+- Added validation checkpoints to key workflows (e.g., verify resource created before proceeding)
+
+**Description improvements for 6 skills scoring below 100%:**
+- **bedrock**: Added AWS-specific trigger terms (`boto3 bedrock-runtime`, `InvokeModel API`, `Amazon Titan`, `knowledge bases`)
+- **rds**: Added RDS-specific terms (`Multi-AZ`, `parameter groups`, `RDS snapshots`, `DB instances`)
+- **dynamodb**: Added DynamoDB-specific terms (`partition key`, `sort key`, `GSI`, `LSI`, `read/write capacity units`)
+- **sns**: Added user-friendly terms (`push notifications`, `SMS alerts`, `publish-subscribe`, `fan-out patterns`)
+- **eventbridge**: Made actions more concrete (`writing event pattern rules`, `creating cron-based or rate-based schedules`)
+- **step-functions**: Made actions more concrete (`writing ASL state machine definitions`, `configuring retry and catch policies`)
+
+</details>
+
+Honest disclosure — I work at @tesslio where we build tooling around skills like these. Not a pitch — just saw room for improvement and wanted to contribute.
+
+If you want to run evals yourself, click [here](https://tessl.io/registry/skills/submit).
+
+Thanks in advance 🙏
diff --git a/skills/api-gateway/SKILL.md b/skills/api-gateway/SKILL.md
@@ -1,50 +1,13 @@
 ---
 name: api-gateway
 description: AWS API Gateway for REST and HTTP API management. Use when creating APIs, configuring integrations, setting up authorization, managing stages, implementing rate limiting, or troubleshooting API issues.
-last_updated: "2026-01-07"
-doc_source: https://docs.aws.amazon.com/apigateway/latest/developerguide/
+metadata:
+  last_updated: "2026-01-07"
+  doc_source: https://docs.aws.amazon.com/apigateway/latest/developerguide/
 ---
 
 # AWS API Gateway
 
-Amazon API Gateway is a fully managed service for creating, publishing, and securing APIs at any scale. Supports REST APIs, HTTP APIs, and WebSocket APIs.
-
-## Table of Contents
-
-- [Core Concepts](#core-concepts)
-- [Common Patterns](#common-patterns)
-- [CLI Reference](#cli-reference)
-- [Best Practices](#best-practices)
-- [Troubleshooting](#troubleshooting)
-- [References](#references)
-
-## Core Concepts
-
-### API Types
-
-| Type | Description | Use Case |
-|------|-------------|----------|
-| **HTTP API** | Low-latency, cost-effective | Simple APIs, Lambda proxy |
-| **REST API** | Full-featured, more control | Complex APIs, transformation |
-| **WebSocket API** | Bidirectional communication | Real-time apps, chat |
-
-### Key Components
-
-- **Resources**: URL paths (/users, /orders/{id})
-- **Methods**: HTTP verbs (GET, POST, PUT, DELETE)
-- **Integrations**: Backend connections (Lambda, HTTP, AWS services)
-- **Stages**: Deployment environments (dev, prod)
-
-### Integration Types
-
-| Type | Description |
-|------|-------------|
-| **Lambda Proxy** | Pass-through to Lambda (recommended) |
-| **Lambda Custom** | Transform request/response |
-| **HTTP Proxy** | Pass-through to HTTP endpoint |
-| **AWS Service** | Direct integration with AWS services |
-| **Mock** | Return static response |
-
 ## Common Patterns
 
 ### Create HTTP API with Lambda

diff --git a/skills/bedrock/SKILL.md b/skills/bedrock/SKILL.md
@@ -1,48 +1,14 @@
 ---
 name: bedrock
-description: AWS Bedrock foundation models for generative AI. Use when invoking foundation models, building AI applications, creating embeddings, configuring model access, or implementing RAG patterns.
-last_updated: "2026-01-07"
-doc_source: https://docs.aws.amazon.com/bedrock/latest/userguide/
+description: AWS Bedrock foundation models and generative AI via boto3 bedrock-runtime. Use when invoking models like Claude or Amazon Titan, creating text embeddings, configuring model access and knowledge bases, implementing RAG patterns, or calling the InvokeModel API.
+metadata:
+  last_updated: "2026-01-07"
+  doc_source: https://docs.aws.amazon.com/bedrock/latest/userguide/
 ---
 
 # AWS Bedrock
 
-Amazon Bedrock provides access to foundation models (FMs) from AI companies through a unified API. Build generative AI applications with text generation, embeddings, and image generation capabilities.
-
-## Table of Contents
-
-- [Core Concepts](#core-concepts)
-- [Common Patterns](#common-patterns)
-- [CLI Reference](#cli-reference)
-- [Best Practices](#best-practices)
-- [Troubleshooting](#troubleshooting)
-- [References](#references)
-
-## Core Concepts
-
-### Foundation Models
-
-Pre-trained models available through Bedrock:
-- **Claude** (Anthropic): Text generation, analysis, coding
-- **Titan** (Amazon): Text, embeddings, image generation
-- **Llama** (Meta): Open-weight text generation
-- **Mistral**: Efficient text generation
-- **Stable Diffusion** (Stability AI): Image generation
-
-### Model Access
-
-Models must be enabled in your account before use:
-- Request access in Bedrock console
-- Some models require acceptance of EULAs
-- Access is region-specific
-
-### Inference Types
-
-| Type | Use Case | Pricing |
-|------|----------|---------|
-| **On-Demand** | Variable workloads | Per token |
-| **Provisioned Throughput** | Consistent high-volume | Hourly commitment |
-| **Batch Inference** | Async large-scale | Discounted per token |
+Models must be enabled in your account before use (request access in Bedrock console, region-specific). Access is via `bedrock-runtime` for inference and `bedrock` for control plane operations.
 
 ## Common Patterns
 
@@ -66,6 +32,11 @@ aws bedrock-runtime invoke-model \
   response.json
 
 cat response.json | jq -r '.content[0].text'
+
+# Verify model access first
+aws bedrock get-foundation-model \
+  --model-identifier anthropic.claude-3-sonnet-20240229-v1:0 \
+  --query 'modelDetails.modelId'
 ```
 
 **boto3:**

diff --git a/skills/cloudformation/SKILL.md b/skills/cloudformation/SKILL.md
@@ -1,46 +1,13 @@
 ---
 name: cloudformation
 description: AWS CloudFormation infrastructure as code for stack management. Use when writing templates, deploying stacks, managing drift, troubleshooting deployments, or organizing infrastructure with nested stacks.
-last_updated: "2026-01-07"
-doc_source: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/
+metadata:
+  last_updated: "2026-01-07"
+  doc_source: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/
 ---
 
 # AWS CloudFormation
 
-AWS CloudFormation provisions and manages AWS resources using templates. Define infrastructure as code, version control it, and deploy consistently across environments.
-
-## Table of Contents
-
-- [Core Concepts](#core-concepts)
-- [Common Patterns](#common-patterns)
-- [CLI Reference](#cli-reference)
-- [Best Practices](#best-practices)
-- [Troubleshooting](#troubleshooting)
-- [References](#references)
-
-## Core Concepts
-
-### Templates
-
-JSON or YAML files defining AWS resources. Key sections:
-- **Parameters**: Input values
-- **Mappings**: Static lookup tables
-- **Conditions**: Conditional resource creation
-- **Resources**: AWS resources (required)
-- **Outputs**: Return values
-
-### Stacks
-
-Collection of resources managed as a single unit. Created from templates.
-
-### Change Sets
-
-Preview changes before executing updates.
-
-### Stack Sets
-
-Deploy stacks across multiple accounts and regions.
-
 ## Common Patterns
 
 ### Basic Template Structure
@@ -87,12 +54,19 @@ Outputs:
 
 ```bash
 # Create stack
+# Validate template first
+aws cloudformation validate-template --template-body file://template.yaml
+
 aws cloudformation create-stack \
   --stack-name my-stack \
   --template-body file://template.yaml \
   --parameters ParameterKey=Environment,ParameterValue=prod \
   --capabilities CAPABILITY_IAM
 
+# Wait and verify
+aws cloudformation wait stack-create-complete --stack-name my-stack
+aws cloudformation describe-stacks --stack-name my-stack --query "Stacks[0].StackStatus"
+
 # Wait for completion
 aws cloudformation wait stack-create-complete --stack-name my-stack
 

diff --git a/skills/cloudwatch/SKILL.md b/skills/cloudwatch/SKILL.md
@@ -1,46 +1,13 @@
 ---
 name: cloudwatch
 description: AWS CloudWatch monitoring for logs, metrics, alarms, and dashboards. Use when setting up monitoring, creating alarms, querying logs with Insights, configuring metric filters, building dashboards, or troubleshooting application issues.
-last_updated: "2026-01-07"
-doc_source: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/
+metadata:
+  last_updated: "2026-01-07"
+  doc_source: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/
 ---
 
 # AWS CloudWatch
 
-Amazon CloudWatch provides monitoring and observability for AWS resources and applications. It collects metrics, logs, and events, enabling you to monitor, troubleshoot, and optimize your AWS environment.
-
-## Table of Contents
-
-- [Core Concepts](#core-concepts)
-- [Common Patterns](#common-patterns)
-- [CLI Reference](#cli-reference)
-- [Best Practices](#best-practices)
-- [Troubleshooting](#troubleshooting)
-- [References](#references)
-
-## Core Concepts
-
-### Metrics
-
-Time-ordered data points published to CloudWatch. Key components:
-- **Namespace**: Container for metrics (e.g., `AWS/Lambda`)
-- **Metric name**: Name of the measurement (e.g., `Invocations`)
-- **Dimensions**: Name-value pairs for filtering (e.g., `FunctionName=MyFunc`)
-- **Statistics**: Aggregations (Sum, Average, Min, Max, SampleCount, pN)
-
-### Logs
-
-Log data from AWS services and applications:
-- **Log groups**: Collections of log streams
-- **Log streams**: Sequences of log events from same source
-- **Log events**: Individual log entries with timestamp and message
-
-### Alarms
-
-Automated actions based on metric thresholds:
-- **States**: OK, ALARM, INSUFFICIENT_DATA
-- **Actions**: SNS notifications, Auto Scaling, EC2 actions
-
 ## Common Patterns
 
 ### Create a Metric Alarm
@@ -61,6 +28,9 @@ aws cloudwatch put-metric-alarm \
   --dimensions Name=InstanceId,Value=i-1234567890abcdef0 \
   --alarm-actions arn:aws:sns:us-east-1:123456789012:alerts \
   --ok-actions arn:aws:sns:us-east-1:123456789012:alerts
+
+# Verify alarm created
+aws cloudwatch describe-alarms --alarm-names "HighCPU-i-1234567890abcdef0" --query MetricAlarms[0].StateValue
 ```
 
 **boto3:**

diff --git a/skills/cognito/SKILL.md b/skills/cognito/SKILL.md
@@ -1,49 +1,13 @@
 ---
 name: cognito
 description: AWS Cognito user authentication and authorization service. Use when setting up user pools, configuring identity pools, implementing OAuth flows, managing user attributes, or integrating with social identity providers.
-last_updated: "2026-01-07"
-doc_source: https://docs.aws.amazon.com/cognito/latest/developerguide/
+metadata:
+  last_updated: "2026-01-07"
+  doc_source: https://docs.aws.amazon.com/cognito/latest/developerguide/
 ---
 
 # AWS Cognito
 
-Amazon Cognito provides authentication, authorization, and user management for web and mobile applications. Users can sign in directly or through federated identity providers.
-
-## Table of Contents
-
-- [Core Concepts](#core-concepts)
-- [Common Patterns](#common-patterns)
-- [CLI Reference](#cli-reference)
-- [Best Practices](#best-practices)
-- [Troubleshooting](#troubleshooting)
-- [References](#references)
-
-## Core Concepts
-
-### User Pools
-
-User directory for sign-up and sign-in. Provides:
-- User registration and authentication
-- OAuth 2.0 / OpenID Connect tokens
-- MFA and password policies
-- Customizable UI and flows
-
-### Identity Pools (Federated Identities)
-
-Provide temporary AWS credentials to access AWS services. Users can be:
-- Cognito User Pool users
-- Social identity (Google, Facebook, Apple)
-- SAML/OIDC enterprise identity
-- Anonymous guests
-
-### Tokens
-
-| Token | Purpose | Lifetime |
-|-------|---------|----------|
-| **ID Token** | User identity claims | 1 hour |
-| **Access Token** | API authorization | 1 hour |
-| **Refresh Token** | Get new ID/Access tokens | 30 days (configurable) |
-
 ## Common Patterns
 
 ### Create User Pool
@@ -73,6 +37,9 @@ aws cognito-idp create-user-pool \
 ### Create App Client
 
 ```bash
+# Verify user pool created
+aws cognito-idp describe-user-pool --user-pool-id us-east-1_abc123 --query UserPool.Status
+
 aws cognito-idp create-user-pool-client \
   --user-pool-id us-east-1_abc123 \
   --client-name my-web-app \