npm - @raishin/vanguard-frontier-agentic - Versions diffs - 1.3.0 → 1.4.0 - Mend

@raishin/vanguard-frontier-agentic 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/skills/azure/azure-aks-platform-operator/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-aks-platform-operator
 description: Operate Azure Kubernetes Service with an adversarial production posture. Use for AKS architecture sanity checks, upgrade safety, node-pool strategy, workload identity, network policy, scaling, observability, and operator-readiness reviews.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: platform
 ---
 # Azure AKS Platform Operator

package/skills/azure/azure-app-service-production-readiness/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-app-service-production-readiness
 description: Review Azure App Service and Web Apps for production readiness across plan tier fit, slots, networking, private ingress, identities, secrets, scaling, diagnostics, resilience, backup, rollback, and operator readiness. Use when a team wants a real go/no-go decision instead of shallow reassurance.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: platform
 ---
 # Azure App Service Production Readiness

package/skills/azure/azure-cosmosdb-application-developer/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-cosmosdb-application-developer
 description: Use this skill for Azure Cosmos DB application development work, especially NoSQL data modeling, document structure, partition-aware access patterns, point reads, query design, SDK usage, transactional batch scope, consistency-aware reads, change feed integration, and Cosmos DB development guidance.
+allowed-tools: Read Edit Write MultiEdit Grep Glob Bash
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: data
 ---
 # Azure Cosmos DB Application Developer

package/skills/azure/azure-cosmosdb-performance-investigator/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-cosmosdb-performance-investigator
 description: Use this skill for Azure Cosmos DB performance investigation, especially RU spikes, query latency, throttling, hot partitions, indexing inefficiency, partition-skew analysis, request-charge profiling, diagnostic-log review, and evidence-driven remediation planning.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: data
 ---
 # Azure Cosmos DB Performance Investigator

package/skills/azure/azure-cosmosdb-platform-operator/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-cosmosdb-platform-operator
 description: Use this skill for Azure Cosmos DB platform operations and design review, especially accounts, databases, containers, partition-key design, throughput and RU posture, consistency choices, indexing, throttling, multi-region replication, private connectivity, and Cosmos DB MCP-guided discovery.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: platform
 ---
 # Azure Cosmos DB Platform Operator

package/skills/azure/azure-cost-estimation-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-cost-estimation-review
 description: Review Azure cost estimates, pricing calculator assumptions, SKU and region choices, environment sizing realism, and uncertainty handling using official Microsoft cost-management and Azure MCP pricing documentation only.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: finops
 ---
 # Azure Cost Estimation Review

package/skills/azure/azure-cost-optimization-governor/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-cost-optimization-governor
 description: Review Azure spend governance, budgets, alerts, cost analysis visibility, reservation and savings-plan awareness, tagging for cost allocation, exports, and FinOps ownership with official Microsoft documentation and Azure MCP evidence where available.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: finops
 ---
 # Azure Cost Optimization Governor

package/skills/azure/azure-entra-id-specialist/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-entra-id-specialist
 description: Use this skill for Microsoft Entra ID specialist work, especially Conditional Access, authentication methods, MFA and SSPR registration, identity protection, workload identities, app registrations, external identities, agent identities, break-glass posture, and tenant identity control reviews.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: security
 ---
 # Azure Entra ID Specialist

package/skills/azure/azure-governance-policy-guardrails/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-governance-policy-guardrails
 description: Use this skill for Azure Policy guardrails, initiatives, assignment scope, management-group inheritance, exclusions, remediation risk, tag governance, allowed regions or SKUs, and staged governance rollout reviews.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: compliance
 ---
 # Azure Governance Policy Guardrails

package/skills/azure/azure-identity-governance-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-identity-governance-review
 description: Review Microsoft Entra identity governance posture for Azure operators, with focus on standing versus eligible access, Privileged Identity Management, access reviews, entitlement management, ownership gaps, and least-privilege control patterns.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: compliance
 ---
 # Azure Identity Governance Review

package/skills/azure/azure-key-vault-secret-lifecycle-auditor/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-key-vault-secret-lifecycle-auditor
 description: Audit Azure Key Vault secret lifecycle posture across RBAC, soft delete, purge protection, rotation, expiration, metadata hygiene, Event Grid notifications, and recovery readiness. Use when the question is whether secret management is actually safe, not just present.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: security
 ---
 # Azure Key Vault Secret Lifecycle Auditor

package/skills/azure/azure-keyvault-certificate-issuer-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-keyvault-certificate-issuer-review
 description: Use this skill when reviewing Azure Key Vault certificate issuer configurations for cert-manager on AKS. Trigger on any request to audit Key Vault certificate policies, Managed Identity role assignments, exportability settings, private endpoint connectivity, integrated CA credentials, or rotation policy alignment.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Azure Key Vault Certificate Issuer Review

package/skills/azure/azure-landing-zone-architect/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-landing-zone-architect
 description: Use this skill for Azure landing-zone design, management-group and subscription hierarchy reviews, platform-versus-application boundary decisions, or multi-subscription Azure platform architecture critiques that span governance, identity, networking, security, and operations.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: compliance
 ---
 # Azure Landing Zone Architect

package/skills/azure/azure-live-aks-rollout-guard/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-live-aks-rollout-guard
 description: Guard live AKS deployment rollouts with PDB audit, maxUnavailable/surge validation, rollout pause/undo gates, and post-rollout health verification.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: delivery
 ---
 # Azure Live AKS Rollout Guard

package/skills/azure/azure-live-app-service-slot-swap-guard/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-live-app-service-slot-swap-guard
 description: Guard live App Service slot swaps with sticky-settings audit, warmup probe verification, swap-with-preview staging, and instant rollback posture.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: delivery
 ---
 # Azure Live App Service Slot Swap Guard

package/skills/azure/azure-live-arm-deployment-stack-guard/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-live-arm-deployment-stack-guard
 description: Guard live ARM, Bicep, and Deployment Stack changes with what-if evidence, denySettings review, changeset diff, rollback posture, and approval gates.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: delivery
 ---
 # Azure Live ARM Deployment Stack Guard

package/skills/azure/azure-live-cost-budget-action-guard/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-live-cost-budget-action-guard
 description: Gate Azure budget action changes and GPU/HPC SKU provisioning against approved spend limits, with quota audits and emergency spend-stop playbooks.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: finops
 ---
 # Azure Live Cost Budget Action Guard

package/skills/azure/azure-live-entra-role-assignment-guard/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-live-entra-role-assignment-guard
 description: Guard live permanent Microsoft Entra ID and Azure RBAC role assignments with scope audit, principal-type risk classification, dangerous-role detection, and explicit approval gates before write. Use only when a direct (non-PIM) role assignment is intentionally requested against a confirmed target.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Azure Live Entra Role Assignment Guard

package/skills/azure/azure-live-keyvault-rotation-purge-guard/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-live-keyvault-rotation-purge-guard
 description: Guard Key Vault key rotation, rotation policy changes, soft-delete enforcement, and purge-protection enablement with irreversibility warnings and rollback evidence.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Azure Live Key Vault Rotation Purge Guard

package/skills/azure/azure-live-pim-jit-activation-guard/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-live-pim-jit-activation-guard
 description: Gate Entra ID PIM eligible role activations with justification, MFA, ticket binding, time-bound scope, and approval workflow gates before any privileged Azure role becomes active.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Azure Live PIM JIT Activation Guard

package/skills/azure/azure-maestro/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-maestro
 description: Use this skill to classify a user task, select the right Azure specialist agent or team of specialists from the catalog, and dispatch them. Single specialist for focused single-domain tasks; parallel team (max 4) for tasks that span multiple domains. Never auto-dispatches live-guard agents — those always pause for human confirmation.
+allowed-tools: Agent Skill Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: ai
 ---
 # Azure Maestro

package/skills/azure/azure-migrate-landing-zone-cutover/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-migrate-landing-zone-cutover
 description: Plan and stress-test Azure migration cutovers across landing-zone readiness, Azure Migrate assessments, dependency sequencing, permissions, rollback, and operational ownership. Use when a migration plan needs a go/no-go verdict instead of vague optimism.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: compliance
 ---
 # Azure Migrate Landing Zone Cutover

package/skills/azure/azure-network-topology-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-network-topology-review
 description: Use this skill for Azure network architecture review, hub-spoke critique, routing and DNS dependency analysis, shared-services boundary decisions, firewall placement review, and landing-zone connectivity guidance.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: networking
 ---
 # Azure Network Topology Review

package/skills/azure/azure-observability-investigator/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-observability-investigator
 description: Use this skill for Azure Monitor, Log Analytics, Application Insights, alerting, KQL triage, telemetry-gap analysis, workbooks, or operator-grade incident and posture investigations.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: observability
 ---
 # Azure Observability Investigator

package/skills/azure/azure-platform-automation-devops/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-platform-automation-devops
 description: Design and review Azure platform automation and DevOps delivery for landing zones, shared platform services, and safe infrastructure rollout flows. Use for IaC approach selection, Bicep versus Terraform positioning, bootstrap/run phase separation, pipeline control design, secret-handling posture, and rollout validation gates.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: delivery
 ---
 # Azure Platform Automation DevOps

package/skills/azure/azure-private-endpoint-adoption-planner/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-private-endpoint-adoption-planner
 description: Use this skill for Azure Private Link and private endpoint adoption planning, including hub-versus-spoke placement, private DNS zone linkage, route implications, centralized versus workload-local endpoint trade-offs, and safe rollout validation.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: networking
 ---
 # Azure Private Endpoint Adoption Planner

package/skills/azure/azure-rbac-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-rbac-review
 description: Use this skill for Azure RBAC, Entra-backed access, role assignment, custom role, scope, subscription, management group, or least-privilege review tasks. Trigger when the user asks whether Azure access is too broad or how to grant access safely.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: security
 ---
 # Azure RBAC Review

package/skills/azure/azure-resilience-bcdr-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-resilience-bcdr-review
 description: Use this skill for Azure resilience, business continuity, and disaster recovery reviews covering RTO/RPO realism, failover and failback assumptions, shared-responsibility gaps, and recovery runbook or drill quality.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: resilience
 ---
 # Azure Resilience BCDR Review

package/skills/azure/azure-resource-health-incident-triage/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-resource-health-incident-triage
 description: Use this skill for Azure Resource Health, Service Health, activity-log alert, and first-pass incident triage when the question is whether Azure platform health is part of the problem.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: observability
 ---
 # Azure Resource Health Incident Triage

package/skills/azure/azure-role-selector/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-role-selector
 description: Use this skill when the user asks which Azure role to assign, how to grant minimum access, whether a built-in role is sufficient, or when a custom role may be required.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: compliance
 ---
 # Azure Role Selector

package/skills/azure/azure-security-posture-hardening/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-security-posture-hardening
 description: Use this skill for Azure security posture review, baseline hardening, managed identity adoption, Key Vault posture, private access decisions, Azure Policy guardrails, and logging or audit gap analysis. Trigger when the user asks how to harden an Azure workload or platform without defaulting to broad access or public exposure.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: security
 ---
 # Azure Security Posture Hardening

package/skills/azure/azure-subscription-resource-organization/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: azure-subscription-resource-organization
 description: Use this skill for Azure management-group hierarchy, subscription placement, resource-group boundary, and platform-versus-workload ownership decisions that affect governance, operations, and landing-zone scale.
+allowed-tools: Read Grep Glob
 metadata:
   author: github: Raishin
   version: 0.1.0
+  updated: "2026-05-05"
+  category: compliance
 ---
 # Azure Subscription Resource Organization

package/skills/backstage/backstage-scaffolder-template-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: backstage-scaffolder-template-review
 description: Use this skill when reviewing Backstage Scaffolder software templates. Trigger when the user asks whether a template is safe for developer self-service, whether template RBAC gates are in place, whether input parameters are validated, whether a step action has excessive blast radius, or whether template outputs expose secrets.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: delivery
 ---
 # Backstage Scaffolder Template Review

package/skills/cert-manager/cert-manager-issuer-trust-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: cert-manager-issuer-trust-review
 description: Use this skill when reviewing cert-manager PKI configuration for Kubernetes clusters. Trigger when the user asks about Issuer or ClusterIssuer scope, CertificateRequestPolicy coverage, certificate SAN or duration risks, trust-manager bundle distribution, SPIFFE mesh CA integration, cert-manager webhook health, or cloud CA authentication method.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # cert-manager Issuer Trust Review

package/skills/cilium/cilium-network-policy-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: cilium-network-policy-review
 description: Use this skill for Cilium network policy review across the three policy formats (Kubernetes NetworkPolicy, CiliumNetworkPolicy, CiliumClusterwideNetworkPolicy), L7 policy via embedded Envoy, ClusterMesh cross-cluster semantics, Hubble flow observability, and CiliumEgressGatewayPolicy. Trigger when the user asks whether a network policy is too broad, whether default-deny is in place, whether L7 rules will actually be enforced, whether ClusterMesh policy semantics are correct, or whether an egress gateway IP collision is possible.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Cilium Network Policy Review

package/skills/falco/falco-runtime-threat-rules-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: falco-runtime-threat-rules-review
 description: Use this skill when reviewing Falco rules files, falco.yaml configuration, or runtime security posture for a Kubernetes workload. Trigger when a user provides Falco rules YAML, asks whether their Falco setup covers a specific threat, questions rule exception scope, or wants to validate that Falco alert output reaches their SIEM or incident response pipeline.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Falco Runtime Threat Rules Review

package/skills/finops/finops-cloud-price-advisor/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: finops-cloud-price-advisor
 description: Fetch live public prices and build cost estimates for AWS, Azure, and OCI using each cloud's public pricing API. Supports live-environment cost analysis (current resource inventory) and prototype cost planning (planned architecture spec). Currency defaults to USD; other currencies on request.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: finops
 ---
 # FinOps Cloud Price Advisor

package/skills/fluxcd/fluxcd-kustomization-helmrelease-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: fluxcd-kustomization-helmrelease-review
 description: Use this skill when reviewing FluxCD Kustomization, HelmRelease, GitRepository, HelmRepository, or OCIRepository resources. Trigger when the user asks whether a Flux configuration is safe for production, whether SOPS encryption is required, whether prune is safe on a given workload, whether commit signature verification is enabled, or whether a Flux multi-tenant setup uses least-privilege ServiceAccounts.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: delivery
 ---
 # FluxCD Kustomization and HelmRelease Review

package/skills/istio/istio-ambient-mesh-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: istio-ambient-mesh-review
 description: Use this skill for Istio service mesh review across both sidecar mode and ambient mode (ztunnel L4 + optional waypoint L7). Covers PeerAuthentication, AuthorizationPolicy, RequestAuthentication, Gateway, VirtualService, DestinationRule, Sidecar, and waypoint placement. Trigger when the user asks whether an Istio policy is correct, whether mTLS is strict, whether L7 AuthorizationPolicy will actually be enforced in ambient mode, or whether a mesh-wide PeerAuthentication change is safe.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Istio Ambient Mesh Review

package/skills/kubernetes/external-secrets-operator-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: external-secrets-operator-review
 description: Use this skill when reviewing External Secrets Operator (ESO) configuration, including SecretStore, ClusterSecretStore, ExternalSecret, and PushSecret resources. Trigger when a user provides ESO YAML manifests, asks about secret rotation interval compliance, questions whether ClusterSecretStore scope is too broad, or wants to audit the auth method used to reach an external secret store (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault, 1Password).
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # External Secrets Operator Review

package/skills/kubernetes/kubecost-chargeback-allocation-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: kubecost-chargeback-allocation-review
 description: Use this skill when reviewing a Kubecost or OpenCost installation for enterprise chargeback readiness. Trigger when the user asks whether cost allocation is accurate, whether label taxonomy is complete enough for chargeback, whether idle cost is properly attributed, whether the cost API is secured, or whether savings recommendations are being actioned.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: finops
 ---
 # Kubecost Chargeback and Allocation Review

package/skills/kubernetes/kubernetes-live-rbac-mutation-guard/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: kubernetes-live-rbac-mutation-guard
 description: Guard live kubectl apply, create, or delete operations on Kubernetes RBAC objects — Roles, ClusterRoles, RoleBindings, ClusterRoleBindings — with privilege-escalation verb detection, scope assessment, current-state diff, and explicit approval before any write. Use only when an intentional RBAC mutation is requested against a confirmed cluster target.
+allowed-tools: Read Grep Glob WebFetch
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Kubernetes Live RBAC Mutation Guard

package/skills/kubernetes/kubernetes-maestro/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: kubernetes-maestro
 description: Route Kubernetes tasks to the narrowest specialist or team of specialists from the catalog. Use when you do not already know the specialist. Not for direct Kubernetes answers; Maestro classifies, dispatches, and synthesizes only. Dispatches single agent for focused tasks, parallel team (max 4) for multi-domain tasks. Never auto-dispatches live-guard agents — requires explicit human confirmation with blast-radius and rollback before routing to any live mutation specialist.
+allowed-tools: Agent Skill Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: ai
 ---
 # Kubernetes Maestro — Routing Skill

package/skills/kubernetes/kubernetes-pod-security-admission-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: kubernetes-pod-security-admission-review
 description: Use this skill for Kubernetes Pod Security Admission (PSA) review covering namespace labels for the three profiles (privileged, baseline, restricted), enforce/audit/warn modes, version pinning, and the migration path from deprecated PodSecurityPolicy. Trigger when the user asks whether a namespace label flip is safe, whether a workload meets a stricter profile, whether the audit/warn modes should be promoted to enforce, or whether an exemption is justified.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: security
 ---
 # Kubernetes Pod Security Admission Review

package/skills/kubernetes/kubernetes-pod-spec-review/SKILL.md CHANGED Viewed

@@ -1,9 +1,12 @@
 ---
 name: kubernetes-pod-spec-review
 description: Use this skill when reviewing a Kubernetes Pod spec, Deployment spec, or StatefulSet spec for correctness, security posture, and production-readiness. Trigger on any request to audit, validate, or score a workload manifest.
+allowed-tools: Read Grep Glob
 metadata:
   author: "github: Raishin"
   version: "0.1.0"
+  updated: "2026-05-05"
+  category: platform
 ---
 # Kubernetes Pod Spec Review