
secrets-management

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

69

1.11x
Quality: 56% (Does it follow best practices?)

Impact: 86%, 1.11x (Average score across 3 eval scenarios)

Security by Snyk: Risky (Do not use without reviewing)

Optimize this skill with Tessl

npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/cicd-automation/skills/secrets-management/SKILL.md

Quality

Discovery: 89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid skill description that clearly defines its niche at the intersection of secrets management and CI/CD pipelines. It excels at completeness with an explicit 'Use when' clause and includes good trigger terms. The main weakness is that the specific actions could be more granular—listing concrete tasks like configuring secret rotation policies, injecting secrets into build steps, or auditing secret access would strengthen it.

Suggestions

Add more concrete actions beyond 'implement' — e.g., 'configure secret rotation policies, inject secrets into pipeline steps, set up dynamic credentials, audit secret access logs'.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (secrets management for CI/CD) and mentions specific tools (Vault, AWS Secrets Manager), but the actions are somewhat general ('implement', 'handling', 'rotating', 'securing') rather than listing multiple concrete discrete actions like 'configure secret rotation policies, inject secrets into pipeline steps, set up dynamic credentials'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (implement secure secrets management for CI/CD using Vault, AWS Secrets Manager, or native platform solutions) and 'when' (Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments) with an explicit 'Use when...' clause. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'secrets management', 'CI/CD pipelines', 'Vault', 'AWS Secrets Manager', 'credentials', 'rotating secrets'. These cover common terms a user would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | The combination of secrets management + CI/CD pipelines + specific tools (Vault, AWS Secrets Manager) creates a clear niche that is unlikely to conflict with general CI/CD skills or general security skills. The triggers are distinct enough to avoid false matches. | 3 / 3 |

Total: 11 / 12 (Passed)

Implementation: 22%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads more like a comprehensive reference document than an actionable skill guide. It covers too many tools at surface level without clear workflows, validation steps, or decision guidance for choosing between approaches. The content is significantly bloated with feature lists and explanations Claude already knows, while lacking the verification checkpoints critical for security-sensitive operations like secret rotation.

Suggestions

Drastically reduce the overview to a decision matrix (when to use Vault vs AWS SM vs native secrets) and move each tool's detailed examples into separate reference files.

Add explicit validation steps after secret configuration (e.g., verify secret retrieval works, test with a dry-run deployment, check audit logs) to create proper feedback loops.

Remove feature bullet lists for each tool (Claude knows what Vault and AWS Secrets Manager do) and replace with only the specific integration patterns and gotchas.

Complete incomplete code examples—define helper functions like `generate_strong_password()` or replace with actual implementations, and add security warnings for dev-mode Vault usage.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is extremely verbose, listing feature bullet points for tools Claude already knows (e.g., 'AWS-native solution', 'Automatic rotation', 'IAM integration'), explaining what protected/masked variables are, and including a lengthy 'When to Use' section of obvious use cases. The 'Purpose' section restates the title. Much of this content is padding that doesn't add actionable value. | 1 / 3 |
| Actionability | There are concrete code examples for Vault, AWS Secrets Manager, GitHub Actions, and Kubernetes, which is good. However, several examples are incomplete (e.g., `generate_strong_password()` and `update_database_password()` are undefined functions), the Vault dev server setup uses insecure defaults without warning, and some sections like GitLab CI/CD Variables and Best Practices are just lists without executable guidance. | 2 / 3 |
| Workflow Clarity | There are no clear multi-step workflows with validation checkpoints. The manual rotation process lists steps but has no verification or rollback guidance. Secret rotation—a destructive operation—lacks feedback loops. The overall document reads as a reference catalog rather than a guided workflow, with no sequencing of when to use which approach or how to verify secrets are properly configured. | 1 / 3 |
| Progressive Disclosure | References to external files (vault-setup.md, github-secrets.md) and related skills are present, which is good. However, the main file is a monolithic wall of text covering 5+ tools in extensive detail that should be split into separate reference files. The inline content is far too long for a SKILL.md overview. | 2 / 3 |

Total: 6 / 12 (Passed)

Validation: 100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
Dicklesworthstone/pi_agent_rust
Reviewed
