Comprehensive toolkit for generating best practice Helm charts and resources following current standards and conventions. Use this skill when creating new Helm charts, implementing Helm templates, scaffolding Chart.yaml and values.yaml, defining deployment templates, service definitions, ingress configurations, .tpl helpers, or building Helm projects from scratch. Trigger phrases include "create", "generate", "build", "scaffold" alongside terms like "kubernetes helm", "k8s charts", "helm package", "chart dependencies", "values.yaml", or "helm install".

Comprehensive toolkit for validating, linting, and testing GitHub Actions workflow files, custom local actions, and public actions. Use this skill when working with GitHub Actions YAML files (.github/workflows/*.yml), validating workflow syntax, testing workflow execution with act, or debugging workflow issues.

Creates .gitlab-ci.yml files, configures pipeline stages, defines CI jobs and runners, sets up deployment workflows, and generates reusable GitLab CI/CD templates following current best practices and security standards. Use when users ask to create or build a GitLab CI/CD pipeline, CI config, build pipeline, deploy pipeline, GitLab YAML, CI jobs, or any .gitlab-ci.yml configuration from scratch or for a new project.

Validates, lints, and secures Dockerfiles by running syntax checking, detecting security vulnerabilities, validating layer ordering, checking for hardcoded secrets, verifying base image tags, and analyzing build optimization. Use when validating Dockerfile syntax, checking security best practices, optimizing image builds, auditing container security, or debugging Dockerfile errors. Applies to all Dockerfile variants (Dockerfile, Dockerfile.prod, Dockerfile.dev, etc.).

Evaluate, score, and remediate agent skill collections using a 9-dimension quality framework (Knowledge Delta, Mindset, Anti-Patterns, Specification Compliance, Progressive Disclosure, Freedom Calibration, Pattern Recognition, Practical Usability, Eval Validation). Performs duplication detection, generates remediation plans with T-shirt sizing, enforces CI quality gates, validates artifact conventions, tracks score trends, and ensures tessl registry compliance. Use when evaluating skill quality, auditing SKILL.md files, scoring agent skills, generating remediation plans, detecting duplicate skills, validating skill format, enforcing quality gates, optimizing for A-grade publication, comparing audit baselines, batch skill assessments, or checking tessl compliance. Triggers: 'check my skills', 'skill audit', 'improve my SKILL.md', 'quality check', 'A-grade scoring', 'quality gates', 'eval validation', 'audit all skills', 'remediation plan', 'skill judge', 'dimension scoring'.

Creates structured specifications, validates execution plans against specs, manages two-loop planning-to-execution workflows with decision gates, and captures provenance of AI-generated work. Use when building software with AI coding agents, when starting any non-trivial feature or change, when an agent keeps building the wrong thing, when you want repeatable and verifiable AI-assisted development, or when someone mentions spec-driven, SDD, specification first, or code is a side effect. Also use when the user wants to structure agent workflows, create specifications, establish decision gates between planning and execution, or capture provenance.

Query Google Analytics 4 (GA4) data via the Analytics Data API. Use when you need to pull website analytics like top pages, traffic sources, user counts, sessions, conversions, or any GA4 metrics/dimensions. Supports custom date ranges and filtering.

Use when setting up automated skill review workflows, configuring GitHub Actions for Tessl skill scoring, adding PR checks for skills, implementing CI/CD pipelines for skill quality gates, or migrating between workflow architectures. Supports internal repositories (single-workflow) and public repositories with external contributors (two-workflow with security isolation).

Semantic folder index for codebase navigation. Generates index.toon files with concise folder summaries ordered by importance, enabling fast LLM codebase traversal without reading every file. Commands: /toondex (create initial index), /redex (update with changes). Use when the user wants to index a codebase, understand project structure, map codebase folders, index project layout, navigate a large codebase, understand folder structure, or asks about /toondex or /redex commands.

Helps fix security vulnerabilities identified by DryRunSecurity. Activates when the user shares a DryRunSecurity comment (from a GitHub PR or GitLab MR) or asks for help fixing any security finding including SQL injection, XSS, CSRF, SSRF, path traversal, command injection, authentication bypass, authorization flaws, and prompt injection. Researches authoritative sources and applies fixes grounded in the user's specific codebase context.

Monitors GitHub Actions workflow runs and reports pass/fail results. Use when git push has been executed, code has been pushed to a remote, or when the user asks about CI status.

Idempotent API design — safe retries for POST endpoints, idempotency keys, and preventing duplicate orders. Apply AUTOMATICALLY whenever building any POST endpoint that creates resources or triggers side effects.