
secrets-management

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

69

1.11x
Quality: 56% (Does it follow best practices?)

Impact: 86%, 1.11x (Average score across 3 eval scenarios)

Security by Snyk: Risky (Do not use without reviewing)

Optimize this skill with Tessl

npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/cicd-automation/skills/secrets-management/SKILL.md

Quality

Discovery

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid skill description that clearly defines its niche at the intersection of secrets management and CI/CD pipelines. It excels at completeness with an explicit 'Use when' clause and includes good trigger terms. The main weakness is that the specific actions could be more granular—listing concrete tasks like configuring secret rotation policies, injecting secrets into build steps, or auditing secret access would strengthen it.

Suggestions

Add more concrete actions beyond 'implement' — e.g., 'configure secret rotation policies, inject secrets into pipeline steps, set up dynamic credentials, audit secret access logs'.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain (secrets management for CI/CD) and mentions specific tools (Vault, AWS Secrets Manager), but the actions are somewhat general ('implement', 'handling', 'rotating', 'securing') rather than listing multiple concrete discrete actions like 'configure secret rotation policies, inject secrets into pipeline steps, set up dynamic credentials'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (implement secure secrets management for CI/CD using Vault, AWS Secrets Manager, or native platform solutions) and 'when' (Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments) with an explicit 'Use when...' clause. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'secrets management', 'CI/CD pipelines', 'Vault', 'AWS Secrets Manager', 'credentials', 'rotating secrets'. These cover common terms a user would naturally use when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | The combination of secrets management + CI/CD pipelines + specific tools (Vault, AWS Secrets Manager) creates a clear niche that is unlikely to conflict with general CI/CD skills or general security skills. The triggers are distinct enough to differentiate from adjacent skills. | 3 / 3 |
| Total | | 11 / 12 |

Passed

Implementation

22%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads more like a reference catalog of secrets management tools than an actionable guide. It is excessively verbose with feature bullet lists Claude doesn't need, lacks a coherent workflow with validation checkpoints for what are inherently risky operations (credential management), and tries to cover too many tools inline rather than using progressive disclosure effectively. The code examples provide some value but are incomplete in places.

Suggestions

Cut the tool feature bullet lists (Vault, AWS, Azure, GCP descriptions) entirely—Claude knows what these tools do. Focus only on actionable integration patterns.

Add a clear decision workflow at the top: 'Choose your secrets backend → Implement retrieval → Add rotation → Verify with scanning' with explicit validation steps at each stage.

Move tool-specific integration examples (Vault, AWS, Kubernetes ESO) into separate reference files and keep only a quick-start example for one primary tool in the main skill.

Add validation/verification steps to the rotation process (e.g., 'Test new credential before revoking old one', 'Rollback procedure if rotation fails').

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Extremely verbose with extensive feature lists for each tool (e.g., bullet points listing 'AWS-native solution', 'Automatic rotation', 'Integration with RDS' for AWS Secrets Manager) that Claude already knows. The tool comparison sections are pure description with no actionable value. The document is over 250 lines and could be cut by at least 50% without losing useful guidance. | 1 / 3 |
| Actionability | Contains concrete code examples for Vault, AWS Secrets Manager, GitHub Actions, and Kubernetes that are mostly executable. However, several examples are incomplete (e.g., `generate_strong_password()` and `update_database_password()` are undefined functions), and the Vault dev server setup with root token is misleading for production use. The GitHub/GitLab native secrets sections are too thin to be truly actionable. | 2 / 3 |
| Workflow Clarity | No clear end-to-end workflow for implementing secrets management. Steps are scattered across tool-specific sections without sequencing or validation checkpoints. The manual rotation process lists steps but has no verification/rollback guidance. For operations involving credential rotation (destructive if done wrong), the absence of validation steps and error recovery is a significant gap. | 1 / 3 |
| Progressive Disclosure | References to external files like `references/vault-setup.md` and `references/github-secrets.md` are present, and related skills are listed. However, the main document is a monolithic wall of content covering 6+ tools/platforms inline when much of it should be split into separate reference files. The structure is flat rather than progressive. | 2 / 3 |
| Total | | 6 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: Dicklesworthstone/pi_agent_rust
Reviewed
