CtrlK
BlogDocsLog inGet started
Tessl Logo

secrets-management

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is highly actionable with broad, executable examples across tools, but it leans verbose and monolithic rather than progressively disclosed, and it cites reference files that are absent from the bundle. Workflow guidance lacks consistent validation for destructive operations.

Suggestions

Move the per-tool catalog and extended examples into reference files (e.g., references/vault-setup.md, references/github-secrets.md) and actually create those files so the inline 'See ...' pointers resolve.

Trim the tool feature bullet lists and the redundant intro line; keep only guidance Claude would not already know.

Add explicit validation/error-handling checkpoints to the automated rotation example and any destructive workflow (verify the new credential works, then revoke the old one).

DimensionReasoningScore

Conciseness

The body is mostly actionable code, but the per-tool feature bullet lists ('Centralized secrets management', 'Dynamic secrets generation', etc.) restate concepts Claude already knows and the intro line restates the description; it could be tightened.

2 / 3

Actionability

It provides numerous concrete, executable, copy-paste-ready examples across bash, GitHub Actions/GitLab YAML, Terraform HCL, Python Lambda, and Kubernetes manifests.

3 / 3

Workflow Clarity

Sequences exist (e.g., the numbered Manual Rotation Process with a 'Verify functionality' step), but the destructive automated-rotation Python example has no validation or error handling, so checkpoints are present-but-gappy.

2 / 3

Progressive Disclosure

The file is a ~350-line monolithic catalog with content that should be split into references; the two cited reference files (references/vault-setup.md, references/github-secrets.md) do not exist in the bundle.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is strong: it states concrete capabilities with named tools, includes an explicit 'Use when...' trigger covering natural user phrasing, and occupies a distinct niche. It uses third-person/imperative voice with no over-claims.

DimensionReasoningScore

Specificity

It names concrete actions ('Implement secure secrets management', 'rotating secrets') and enumerates specific concrete tools ('Vault, AWS Secrets Manager, or native platform solutions'), matching the 'lists multiple specific concrete actions' anchor.

3 / 3

Completeness

It clearly answers both 'what' (implement secure secrets management for CI/CD pipelines using named tools) and 'when' via an explicit 'Use when...' trigger clause.

3 / 3

Trigger Term Quality

The 'Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments' clause provides natural terms users would actually say, with good coverage of common variations.

3 / 3

Distinctiveness Conflict Risk

'Secrets management for CI/CD pipelines' is a clear niche with distinct triggers (credentials, rotation, CI/CD environments), unlikely to fire for unrelated skills.

3 / 3

Total

12

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

referenced_paths_exist

Referenced path issues: 2 missing

Warning

Total

15

/

16

Passed

Repository
wshobson/agents
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.