CtrlK
CommunityDocumentationLog inGet started
Tessl Logo

gh-actions-validator

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill gh-actions-validator
github.com/jeremylongshore/claude-code-plugins-plus-skills

Validate use when validating GitHub Actions workflows for Google Cloud and Vertex AI deployments. Trigger with phrases like "validate github actions", "setup workload identity federation", "github actions security", "deploy agent with ci/cd", or "automate vertex ai deployment". Enforces Workload Identity Federation (WIF), validates OIDC permissions, ensures least privilege IAM, and implements security best practices.

Review Score

67%

Validation Score

13/16

Implementation Score

35%

Activation Score

100%

SKILL.md
Review
Evals

Generated

Validation

Total

13/16

Score

Passed
CriteriaScore

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

metadata_version

'metadata' field is not a dictionary

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Implementation

Suggestions 4

Score

35%

Overall Assessment

This skill provides a reasonable structure for GitHub Actions validation but fails to deliver actionable, executable guidance. The instructions are abstract descriptions rather than concrete commands, the output section shows incomplete code fragments, and critical security validation workflows lack explicit checkpoints. The skill over-relies on external references without providing sufficient standalone value.

Suggestions

  • Replace the abstract instruction list with executable commands and complete code examples (e.g., actual gcloud commands for WIF setup, complete workflow YAML files)
  • Complete the 'Output' section with a full, copy-paste ready GitHub Actions workflow file that demonstrates all security best practices
  • Add explicit validation commands after each step (e.g., 'Verify WIF with: gcloud iam workload-identity-pools describe...')
  • Include inline examples of common security issues to detect and their fixes, rather than delegating entirely to examples.md
DimensionScoreReasoning

Conciseness

2/3

The skill includes some unnecessary padding like the verbose prerequisites section explaining concepts Claude already knows (e.g., 'Understanding of Workload Identity Federation concepts'). The instructions are reasonably brief but could be tighter.

Actionability

1/3

The skill provides vague, abstract guidance without executable code or commands. The 'Output' section shows incomplete YAML fragments that aren't copy-paste ready, and the instructions are high-level descriptions rather than concrete steps with actual commands.

Workflow Clarity

2/3

Steps are listed in sequence but lack validation checkpoints and feedback loops. For security-critical operations like WIF setup and deployment validation, there are no explicit verification steps or error recovery guidance between steps.

Progressive Disclosure

2/3

References to external files (errors.md, examples.md, wif-setup.md) are present, but the main content is thin and delegates too much to external files without providing sufficient actionable content in the skill itself. The overview doesn't give enough to get started.

Activation

Score

100%

Overall Assessment

This is a well-crafted skill description that excels across all dimensions. It provides specific technical capabilities, includes natural trigger phrases users would actually say, explicitly addresses both what and when, and carves out a distinct niche at the intersection of GitHub Actions and Google Cloud security validation.

DimensionScoreReasoning

Specificity

3/3

Lists multiple specific concrete actions: 'Enforces Workload Identity Federation (WIF)', 'validates OIDC permissions', 'ensures least privilege IAM', and 'implements security best practices'. These are concrete, actionable capabilities.

Completeness

3/3

Clearly answers both what (validates workflows, enforces WIF, validates OIDC, ensures IAM) AND when ('Trigger with phrases like...' provides explicit trigger guidance). The 'Use when validating' clause at the start also establishes context.

Trigger Term Quality

3/3

Excellent coverage of natural trigger phrases users would say: 'validate github actions', 'setup workload identity federation', 'github actions security', 'deploy agent with ci/cd', 'automate vertex ai deployment'. These match real user language patterns.

Distinctiveness Conflict Risk

3/3

Highly specific niche combining GitHub Actions + Google Cloud/Vertex AI + security validation. The combination of WIF, OIDC, and Vertex AI deployment creates a distinct trigger profile unlikely to conflict with general CI/CD or cloud skills.