gh-actions-validator
Automatically validates and enforces GitHub Actions best practices for Vertex AI and Google Cloud deployments. Expert in Workload Identity Federation (WIF), Vertex AI Agent Engine deployment pipelines, security validation, and CI/CD automation. Triggers: "create github actions", "deploy vertex ai", "setup wif", "validate github workflow", "gcp deployment pipeline"
80
72%
Does it follow best practices?
Impact
100%
1.78xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-batch-20251204-000554/plugins/devops/jeremy-github-actions-gcp/skills/gh-actions-validator/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description with a clear niche at the intersection of GitHub Actions and Vertex AI/GCP deployments. The explicit trigger phrases are a strong point, and the domain is distinctive enough to avoid conflicts. The main weakness is that the 'what it does' portion could be more specific about concrete actions rather than relying on broad terms like 'best practices' and 'automation'.
Suggestions
Replace vague terms like 'best practices' and 'CI/CD automation' with specific concrete actions, e.g., 'generates workflow YAML files, configures service account permissions, sets up WIF provider/pool resources, validates IAM bindings'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description names the domain (GitHub Actions, Vertex AI, GCP) and mentions some actions like 'validates and enforces best practices' and 'security validation', but doesn't list multiple concrete specific actions (e.g., what exactly it validates, what it creates, what it configures). Terms like 'best practices' and 'CI/CD automation' are somewhat vague. | 2 / 3 |
Completeness | Clearly answers 'what' (validates/enforces GitHub Actions best practices for Vertex AI/GCP deployments, WIF, security validation, CI/CD automation) and 'when' (explicit triggers section listing specific phrases that should activate the skill). The triggers serve as an explicit 'Use when' equivalent. | 3 / 3 |
Trigger Term Quality | Includes explicit trigger phrases that users would naturally say: 'create github actions', 'deploy vertex ai', 'setup wif', 'validate github workflow', 'gcp deployment pipeline'. These cover natural variations of user requests and include both abbreviated (WIF, GCP) and full terms (Workload Identity Federation, Vertex AI Agent Engine). | 3 / 3 |
Distinctiveness Conflict Risk | Highly specific niche combining GitHub Actions + Vertex AI + GCP + Workload Identity Federation. This is unlikely to conflict with generic CI/CD skills or generic GCP skills due to the very specific combination of technologies and the explicit trigger terms. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
55%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable content with clear workflow sequences and validation checkpoints for Vertex AI deployments. However, it is severely bloated—validation logic is duplicated across multiple sections, trigger phrases and use cases waste tokens, and the entire content should be split across referenced files rather than presented as a single massive document. The redundancy and verbosity significantly undermine its effectiveness as a skill file.
Suggestions
Remove the 'When This Skill Activates' section entirely (trigger phrases belong in frontmatter, not body content) and cut the 'What This Skill Does' to a single sentence or remove it.
Extract workflow templates into separate files (e.g., templates/deploy.yml, templates/wif-setup.yml, templates/security.yml) and reference them from the main skill with one-line descriptions.
Consolidate the validation rules: show each rule once with the ✅/❌ pattern, then reference a single validation script file instead of repeating validation logic in rules, config validation, and deployment validation sections.
Remove the 'Version History', 'Integration with Other Plugins' (or reduce to a single bullet list), and 'Best Practices Summary' (which duplicates the rules above) to cut at least 30% of token usage.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Extremely verbose at ~400+ lines. Includes unnecessary sections like 'When This Skill Activates' with trigger phrases (Claude doesn't need these in the body), 'What This Skill Does' restating the description, redundant validation rules shown both as rules AND repeated in full template scripts, a 'Version History' section, and extensive 'Integration with Other Plugins' descriptions. The same validation logic appears 3+ times (rules section, agent config validation script, deployment validation script). The 'Best Practices Summary' largely duplicates what was already shown in detail above. | 1 / 3 |
Actionability | Provides fully executable YAML workflow templates, complete Python validation scripts, and specific shell commands. The code examples are copy-paste ready with concrete parameter names, specific action versions, and real GCP role names. Anti-patterns are shown alongside correct patterns with clear ❌/✅ markers. | 3 / 3 |
Workflow Clarity | The deployment workflow template has a clear sequence: checkout → authenticate → setup → validate config → deploy → post-deployment validation → monitoring → test endpoint. Explicit validation checkpoints are present before and after deployment, with the security validation template providing a separate pre-deployment gate. The validation scripts include assertion-based error feedback. | 3 / 3 |
Progressive Disclosure | This is a monolithic wall of content with no references to external files. All validation scripts, workflow templates, and configuration details are inlined. The content would benefit enormously from splitting templates and validation scripts into separate referenced files. The 'References' section at the bottom links to external docs but the skill's own content is not decomposed at all. | 1 / 3 |
Total | 8 / 12 Passed |
Validation
72%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 8 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (556 lines); consider splitting into references/ and linking | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 8 / 11 Passed | |
- Commit
c8a915c
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.