Compares deployed CloudFormation templates with locally synthesized CDK templates to detect drift, validate changes, and ensure consistency before deployment. Use when the user wants to compare CDK output with a deployed stack, check for infrastructure drift, run a pre-deployment validation, audit IAM or security changes, investigate a failing deployment, or perform a 'cdk diff'-style review. Triggered by phrases like 'compare templates', 'check for drift', 'cfn drift', 'stack comparison', 'infrastructure drift detection', 'safe to deploy', or 'what changed in my CDK stack'.
Does it follow best practices?
Evaluation — 100%
↑ 1.09x agent success when using this tile
Validation for skill structure
{
  "context": "Tests whether the agent can properly categorize template differences by risk level and make appropriate deployment recommendations.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Risk categories defined",
      "description": "risk-assessment.md defines or lists at least 4 risk categories (Expected, Low, Medium, High, Critical or similar)",
      "max_score": 10
    },
    {
      "name": "GitRef as expected",
      "description": "The GitRef tag change is categorized as Expected or Low risk (environment-specific metadata)",
      "max_score": 10
    },
    {
      "name": "Alarm threshold as medium",
      "description": "The alarm threshold change is categorized as Medium risk (requires review)",
      "max_score": 12
    },
    {
      "name": "IAM policy as high risk",
      "description": "The IAM policy modification is categorized as High risk (requires explicit sign-off)",
      "max_score": 15
    },
    {
      "name": "CDK Nag suppression as critical",
      "description": "The new CDK Nag suppression is categorized as Critical or High risk (security override)",
      "max_score": 15
    },
    {
      "name": "Resource changes assessed",
      "description": "The added CloudWatch alarms and removed S3 lifecycle policy are categorized with risk levels",
      "max_score": 10
    },
    {
      "name": "Deployment decision present",
      "description": "Document includes a clear deployment decision (approve, review, sign-off, or block)",
      "max_score": 10
    },
    {
      "name": "Decision matches risk",
      "description": "The deployment decision is appropriate for the risk levels found (should require sign-off or block due to IAM/CDK Nag changes)",
      "max_score": 10
    },
    {
      "name": "Required actions listed",
      "description": "Document lists specific actions required before deployment (e.g., InfoSec approval, stakeholder review)",
      "max_score": 8
    }
  ]
}