gitops-repo-audit

Audit Flux CD GitOps repositories for structure, security, API compliance, and best practices. Use this skill whenever the user asks to audit, analyze, review, validate, or check a GitOps repository. Also use it when users mention Flux repo structure, GitOps best practices, manifest validation, deprecated APIs, security review, or repository organization — even if they don't explicitly say "audit".

Install with Tessl CLI

npx tessl i github:fluxcd/agent-skills --skill gitops-repo-audit

What are skills?

100

Review — 100%

Does it follow best practices?

Validation — 11 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

100%

68%

GitOps Repository Audit: Acme Corp Platform

Discovery workflow and bootstrap migration detection

Criteria

Without context

With context

Discovery script invocation

40%

100%

Repository pattern classified

100%

gotk-sync.yaml detected

70%

100%

Flux Operator migration recommended

100%

Migration URL included

100%

gotk-components.yaml excluded from best practices

100%

postBuild variable placeholders not flagged as errors

100%

substituteFrom ConfigMap watch label missing

100%

Legacy remediation pattern flagged

100%

Recommendations section present

41%

100%

Without context: $0.3226 · 1m 58s · 10 turns · 15 in / 6,552 out tokens

With context: $1.2379 · 3m 55s · 41 turns · 33 in / 14,256 out tokens

85%

12%

GitOps Repository API Compliance Review

Deprecated API detection and migration guidance

Criteria

Without context

With context

check-deprecated.sh invoked

50%

API Compliance section present

100%

All v1beta1 Kustomizations identified

100%

v1beta2 Kustomizations identified

100%

HelmRelease deprecated versions identified

100%

Notification API deprecations identified

100%

Source API deprecations identified

100%

HelmRepository type:oci flagged as legacy

20%

Migration steps from api-migration.md included

25%

100%

deprecated-resources.txt file created

100%

Target versions specified

100%

Without context: $0.4364 · 2m 6s · 11 turns · 16 in / 9,924 out tokens

With context: $0.7700 · 2m 29s · 33 turns · 5,238 in / 10,590 out tokens

100%

18%

GitOps Repository Security Review

Security audit scanning and secrets management review

Criteria

Without context

With context

Hardcoded password detected

100%

insecure:true source flagged

100%

Plain-text Secret flagged

100%

SOPS-encrypted Secret NOT flagged

100%

ECR Workload Identity missing

100%

Push branch isolation missing

100%

OCIRepository missing cosign verification

100%

OCIRepository mutable tag in use

100%

GitHub App auth recommendation

100%

security-findings.txt created

100%

Without context: $0.2521 · 1m 40s · 10 turns · 14 in / 5,552 out tokens

With context: $1.1284 · 4m 10s · 43 turns · 2,872 in / 14,240 out tokens

Evaluated: about 13 hours ago
Agent: Claude Code

Table of Contents

GitOps Repository Audit: Acme Corp Platform GitOps Repository API Compliance Review GitOps Repository Security Review

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.