Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Quality: 56% (Does it follow best practices?)
Impact: 86% (1.11x; average score across 3 eval scenarios)
Risk rating: Risky. Do not use without reviewing.
Optimize this skill with Tessl:
npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/cicd-automation/skills/secrets-management/SKILL.md

Quality
Discovery: 89%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly defines its niche at the intersection of secrets management and CI/CD pipelines. It includes an explicit 'Use when' clause with good trigger terms and names specific tools. The main weakness is that the capability actions could be more granular and concrete rather than using broad verbs like 'implement' and 'handling'.
Suggestions
Replace broad verbs with more specific actions, e.g., 'Configure secret injection into pipeline steps, set up automatic credential rotation, manage dynamic secrets, audit secret access' instead of 'implement secure secrets management'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (secrets management for CI/CD) and mentions specific tools (Vault, AWS Secrets Manager), but the actions are somewhat general ('implement', 'handling', 'rotating', 'securing') rather than listing multiple concrete discrete actions like 'configure secret rotation policies, inject secrets into pipeline steps, set up dynamic credentials'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (implement secure secrets management for CI/CD using Vault, AWS Secrets Manager, or native platform solutions) and 'when' (Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments) with an explicit 'Use when...' clause. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'secrets management', 'CI/CD pipelines', 'Vault', 'AWS Secrets Manager', 'credentials', 'rotating secrets'. These cover common terms a user would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness / Conflict Risk | The combination of secrets management + CI/CD pipelines + specific tools (Vault, AWS Secrets Manager) creates a clear niche that is unlikely to conflict with general CI/CD skills, general security skills, or general cloud infrastructure skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation: 22%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads as a broad reference catalog of secrets management tools rather than a focused, actionable skill. It covers too many tools superficially, includes significant amounts of information Claude already knows (tool feature lists, generic best practices), and lacks clear workflows with validation steps. The content would benefit greatly from being narrowed in scope and restructured with proper progressive disclosure.
Suggestions
Remove the feature-listing sections for each cloud provider (Azure Key Vault, Google Secret Manager, etc.) and the generic best practices list — Claude already knows these. Focus on the specific integration patterns and gotchas.
Add a clear workflow at the top showing the decision process: which tool to use when, followed by a step-by-step implementation sequence with validation checkpoints (e.g., verify secret retrieval works before deploying).
Complete incomplete code examples — define `generate_strong_password()` and `update_database_password()`, and add a warning about the insecure Vault dev server setup not being for production use.
Move the detailed tool-specific examples (Vault, AWS, Kubernetes ESO) into separate reference files and keep SKILL.md as a concise overview with quick-start patterns and navigation to those files.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose and encyclopedic. Lists features of every cloud provider's secrets manager (Azure Key Vault, Google Secret Manager) without actionable content. The 'Secrets Management Tools' section is pure feature-listing that Claude already knows. The 10-item best practices list is generic knowledge. Much of this reads like documentation rather than a skill. | 1 / 3 |
| Actionability | Contains executable code examples for Vault, AWS Secrets Manager, GitHub Actions, and Kubernetes, which is good. However, many examples are incomplete (e.g., `generate_strong_password()` and `update_database_password()` are undefined), the Vault dev server setup uses insecure defaults without warning, and several sections (Azure, GCP, GitLab variables) provide no executable code at all. | 2 / 3 |
| Workflow Clarity | No clear end-to-end workflow is presented. The content is organized as a reference catalog of tools rather than a sequenced process. The manual rotation process lists steps but has no validation checkpoints. For operations involving secrets (destructive if misconfigured), there are no verification steps, error handling, or feedback loops anywhere. | 1 / 3 |
| Progressive Disclosure | References to `references/vault-setup.md` and `references/github-secrets.md` are mentioned, and related skills are listed, which shows some structure. However, no bundle files exist to back these references, and the main file is a monolithic wall of content (~250 lines) that should have been split across reference files rather than inlined. | 2 / 3 |
| Total | | 6 / 12 Passed |
Validation: 100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
b09ec7f