CtrlK
BlogDocsLog inGet started
Tessl Logo

secrets-management

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

82

1.11x
Quality

Does it follow best practices?

Impact

86%

1.11x

Average score across 3 eval scenarios

SecuritybySnyk

Risky

Do not use without reviewing

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill is highly actionable with broad, mostly executable code across many CI/CD secrets tools, but it is somewhat verbose, lacks validation feedback loops for the destructive rotation workflow, and references bundle files that are not present.

Suggestions

Replace the undefined generate_strong_password()/update_database_password() calls in the rotation example with concrete implementations or an explicit note that they are placeholders.

Add an explicit validation/retry checkpoint to the rotation workflow (e.g., verify the new credential works before revoking the old one, and roll back if verification fails).

Either create the referenced references/vault-setup.md and references/github-secrets.md files or remove the dangling references; move the bulky per-tool integration detail into those files to slim the inline body.

DimensionReasoningScore

Conciseness

The body is mostly efficient code, but the 'Secrets Management Tools' feature-bullet lists and the generic 10-item 'Best Practices' list restate concepts Claude already knows and could be tightened; not quite the lean, every-token-earns-its-place level.

2 / 3

Actionability

The overwhelming majority of examples (Vault CLI, GitHub Actions/GitLab YAML, Terraform HCL, AWS CLI, ExternalSecrets, TruffleHog) are concrete and copy-paste ready; the one blemish is the Python rotation example calling undefined generate_strong_password()/update_database_password() stubs.

3 / 3

Workflow Clarity

The 'Manual Rotation Process' is a numbered sequence with a 'Verify functionality' step, but secret rotation is a destructive/batch-style operation and no explicit validate->fix->retry feedback loop is given, so workflow clarity is capped at 2 per the destructive-operations guideline.

2 / 3

Progressive Disclosure

References are signaled one level deep ('See references/vault-setup.md'), which is good practice, but the references/ directory does not exist (broken links) and most detailed integration content is inlined monolithically rather than split into those files.

2 / 3

Total

9

/

12

Passed

Description

90%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong description: it clearly states what the skill does and when to use it, with natural trigger terms and a distinct CI/CD secrets niche. The only weakness is that the primary capability is described with an abstract verb rather than multiple concrete actions.

DimensionReasoningScore

Specificity

Names the domain and concrete tools ('Vault, AWS Secrets Manager, or native platform solutions') but the core action is the abstract verb 'Implement' rather than a list of multiple specific actions, so it does not reach the 'multiple specific concrete actions' anchor.

2 / 3

Completeness

It explicitly answers both 'what' ('Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager...') and 'when' via an explicit 'Use when...' clause with concrete triggers.

3 / 3

Trigger Term Quality

'handling sensitive credentials, rotating secrets, or securing CI/CD environments' plus named tools are natural terms a user would say when they need this skill, giving good coverage.

3 / 3

Distinctiveness Conflict Risk

The CI/CD-pipeline secrets-management niche anchored to specific tools (Vault, AWS Secrets Manager) is a clear, distinct trigger space unlikely to fire for unrelated skills.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

referenced_paths_exist

Referenced path issues: 4 missing

Warning

Total

15

/

16

Passed

Repository
Dicklesworthstone/pi_agent_rust
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.