This skill should be used when the user says "manage secrets", "arn infra secrets", "infra secrets", "secrets management", "set up secrets", "configure secrets", "audit secrets", "secrets audit", "rotate secrets", "secret storage", "vault setup", "key management", "credential management", "secrets scan", "check for exposed secrets", "secrets provider", "arn-infra-secrets", "set up secret manager", "configure secret injection", "environment variables", "env vars", "secure env vars", or wants to set up, configure, audit, or manage secrets and credential storage for their infrastructure deployment.
47
49%
Does it follow best practices?
Impact: — (no eval scenarios have been run)
Risky: do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/arn-infra/skills/arn-infra-secrets/SKILL.md
Security
1 high severity finding. You should review these findings carefully before considering using this skill.
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Insecure credential handling detected (high risk: 0.90). This skill explicitly instructs scanning for and listing secrets, importing "existing secrets from the scan findings", and creating/setting initial secrets (e.g., "create initial secrets", "fly secrets set KEY=value"), which will cause the agent to read and potentially output secret values verbatim unless additional redaction controls are enforced.
b9084b6