@raishin/vanguard-frontier-agentic 2.0.0 → 2.1.0

package/skills/qa/ci-test-pipeline-review/references/workflow-and-output.md

@@ -0,0 +1,124 @@
+# Workflow and Output Contract
+
+## Workflow
+
+### Step 1 — Collect inputs
+
+Ask the user to provide one or more of the following as sanitized files (no CI secrets, no deploy keys, no registry tokens — replace with placeholders):
+- The CI workflow file(s) that run tests (`.github/workflows/*.yml`, `.gitlab-ci.yml`, `.circleci/config.yml`, `Jenkinsfile`)
+- The branch-protection / merge-rule configuration, if available (which checks are required to merge)
+- Any reusable workflow or composite action the test job calls
+- Optional: a recent pipeline run summary showing job durations
+
+If branch-protection configuration is not provided, required-check findings are stated as `inference` — say so and ask for it.
+
+### Step 2 — Gating audit
+
+Confirm the test step can actually fail the build.
+
+```yaml
+# CRITICAL — test failures are swallowed; the job is always green
+- run: npm test || true
+
+# CRITICAL — step failure does not fail the job
+- run: npm test
+  continue-on-error: true
+```
+Scan for every escape hatch: `|| true`, `continue-on-error: true`, `set +e`, `; exit 0`, a test command piped so its exit code is lost (`npm test | tee log`), or a soft/optional/advisory check label. Any of these on the test step is CRITICAL — the suite runs, looks green, and verifies nothing.
+
+### Step 3 — Merge-gate placement audit
+
+Confirm tests run on the pull-request merge gate, not only after merge.
+
+- Tests triggered only on `push` to main, on a schedule, or in a nightly job → HIGH. Regressions are then detected after they are already on the protected branch.
+- Tests run on `pull_request` but the job is not in the repo's required status checks → HIGH (or `inference` if branch protection is not provided). The run is advisory; a red PR can still merge.
+- Recommended: the test job runs on `pull_request` and is a required status check; merges queue behind a green run.
+
+### Step 4 — Speed and sharding audit
+
+Review wall-clock time on the merge gate.
+
+- A large suite in a single job with no sharding, where the job duration is long enough that developers complain or route around it → HIGH. Recommend a shard matrix:
+```yaml
+strategy:
+  fail-fast: false
+  matrix:
+    shard: [1, 2, 3, 4]
+steps:
+  - run: npx playwright test --shard=${{ matrix.shard }}/4
+```
+- `workers`/parallelism pinned to 1 with no reason → MEDIUM.
+- Dependency or build cache missing, or keyed without the lockfile hash → MEDIUM: stale caches produce non-reproducible results.
+
+### Step 5 — Fail-fast and matrix audit
+
+- `fail-fast: true` (the default on GitHub Actions matrices) on a test shard matrix → MEDIUM. The first shard failure cancels the others, so a developer sees "1 shard failed" when 3 did, fixes one cause, re-runs, and discovers the next. Set `fail-fast: false` for test matrices so every shard reports.
+- No `concurrency` group with `cancel-in-progress` on PR runs → LOW: superseded commits keep burning runners.
+
+### Step 6 — Artifact and observability audit
+
+- No upload of test results (JUnit XML) and failure artifacts (traces, screenshots, videos, logs) → HIGH. A CI-only failure is then undebuggable; engineers re-run blindly hoping for green.
+- Artifacts uploaded only on success, or retention too short to investigate → MEDIUM.
+- Recommended: upload JUnit XML always, and traces/screenshots/logs `if: failure()`.
+
+### Step 7 — Quarantine-lane audit
+
+If a flaky-test quarantine mechanism exists in CI:
+- Quarantined tests excluded from the gate but with **no scheduled non-blocking run** → HIGH: the tests never execute again and the coverage is silently lost.
+- Quarantine with no tracking issue and no owner → HIGH (consistent with the flakiness-triage skill).
+- Recommended: quarantined tests run in a separate non-blocking job on every PR or on a schedule, their results visible, each with an owner and a fix deadline.
+
+### Step 8 — Security audit
+
+- Test jobs triggered by `pull_request_target` that check out and execute PR-author code with secrets in scope → CRITICAL. A fork PR can exfiltrate secrets. Flag and stop.
+- Secrets passed to test jobs that run on fork PRs → CRITICAL.
+- Long-lived credentials where OIDC / short-lived tokens would work → MEDIUM.
+
+### Step 9 — Produce the output
+
+Format findings using the Output section below.
+
+---
+
+## Output
+
+Return findings in this structure:
+
+```
+## Verdict
+<one sentence: pipeline gates merges / suite runs but gates nothing / mixed>
+
+## Evidence level
+<CI config + branch protection provided | CI config only | documentation-based | inference>
+
+## Findings
+
+### CRITICAL
+- [C1] <finding>: <description> — <remediation>
+
+### HIGH
+- [H1] <finding>: <description> — <remediation>
+
+### MEDIUM
+- [M1] <finding>: <description> — <remediation>
+
+### LOW
+- [L1] <finding>: <description> — <remediation>
+
+## Safe next actions
+1. <action>
+2. <action>
+
+## Open questions
+- <question requiring user clarification>
+```
+
+---
+
+## Security notes
+
+- Never request or accept CI secrets, deploy keys, or registry tokens. Ask for workflow files with placeholders.
+- This is a static review: do not trigger pipelines, dispatch workflows, or contact CI.
+- A test step with a soft-failure escape hatch (`|| true`, `continue-on-error`) is the highest-impact finding possible — the entire suite is decorative. Lead with it.
+- `pull_request_target` running PR-author code with secrets in scope is a real exfiltration path; treat it as CRITICAL and tell the user to stop merging through that pipeline until it is fixed.
+- Do not recommend making a flaky check non-blocking as the fix — that converts a known problem into an invisible one. Recommend quarantine with a scheduled run and an owner.

package/skills/qa/helm-chart-quality-review/SKILL.md

@@ -0,0 +1,61 @@
+---
+name: helm-chart-quality-review
+description: Use this skill when a user provides a Helm chart or asks to review Helm chart quality, security, or testability — including Chart.yaml, values.yaml, templates/, tests/, or chart-testing CI configuration.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-17"
+  category: delivery
+  lifecycle: experimental
+---
+
+# Helm Chart Quality Review
+
+## Purpose
+This skill reviews Helm chart source for quality, security, and testability defects. It reads chart files statically — Chart.yaml, values.yaml, values.schema.json, templates/, tests/, and CI configuration — without installing the chart or contacting a Kubernetes cluster. The review surfaces defects that allow bad workloads to be deployed silently: insecure container security contexts, missing resource governance, absent health probes, RBAC over-permission, hardcoded or default credentials, and missing helm test coverage.
+
+## Lean operating rules
+- Treat `privileged: true`, `capabilities.add: [ALL]` or any combination that grants root-equivalent privileges as CRITICAL — stop and flag before continuing.
+- Treat `hostNetwork: true`, `hostPID: true`, or `hostIPC: true` as CRITICAL — these give a container visibility into the node's network stack, process table, or IPC namespace.
+- Treat secrets rendered inline in a ConfigMap (not a Secret resource) as CRITICAL — plain-text secrets are visible to any workload that can read ConfigMaps in the namespace.
+- Treat a `ClusterRoleBinding` to the `default` service account as CRITICAL — any workload in the namespace inherits cluster-scoped access.
+- Treat `capabilities.add: [SYS_ADMIN]` or `[NET_ADMIN]` as CRITICAL — these grant near-root kernel capabilities.
+- Treat hardcoded `:latest` image tags without override capability as HIGH — breaks reproducibility and makes rollback unreliable.
+- Treat `securityContext.runAsRoot: true` or the absence of `runAsNonRoot` on pod or container spec as HIGH — workloads should not run as UID 0.
+- Treat `allowPrivilegeEscalation` not explicitly set to `false` as HIGH — a child process can gain more privileges than the parent.
+- Treat cluster-scoped RBAC roles where namespace-scoped would suffice as HIGH — blast radius of a compromise is the entire cluster.
+- Treat `serviceAccount.automountServiceAccountToken` not set to `false` when the workload does not call the Kubernetes API as HIGH — the token is mounted unnecessarily and exploitable.
+- Treat missing `resources.requests` and `resources.limits` on every container as HIGH — without limits, a misbehaving pod can trigger node over-subscription and OOM kills on neighbours.
+- Treat missing `livenessProbe` or `readinessProbe` as HIGH — rolling updates proceed blind; a pod stuck in a failed state can be sent live traffic.
+- Treat sensitive default credential values (`admin`, `password`, empty string) in values.yaml as CRITICAL — users forget to override defaults and ship them to production.
+- Treat the absence of `values.schema.json` when required values carry no type or pattern constraint as MEDIUM — `helm install` accepts arbitrary input with no validation.
+- Treat missing `readOnlyRootFilesystem: true` as MEDIUM — a container with a writable root filesystem can modify its own binaries or drop exploit payloads.
+- Treat missing `startupProbe` for slow-starting containers as MEDIUM — liveness checks kill containers that need more startup time, causing crash loops.
+- Treat no `PodDisruptionBudget` for stateful or singleton workloads as MEDIUM — node drains can take the workload to zero replicas.
+- Treat no `HorizontalPodAutoscaler` where the workload is expected to scale as LOW.
+- Treat probe timeouts or failure thresholds at defaults with no tuning rationale as LOW.
+- Treat no `NOTES.txt` as LOW — users have no post-install guidance.
+- Treat a chart version that is not semver-compliant as LOW.
+- Treat `tests/` that contain only pod-existence checks and no service reachability or functional assertion as LOW — existence proves the pod started, not that the service works.
+- Treat no `tests/` directory at all as MEDIUM — helm test integration is absent.
+- Treat no CI integration for chart-testing (`ct lint-and-install` or equivalent) as MEDIUM — the chart is not regression-tested on install.
+- Label every finding with its evidence basis: `chart source provided`, `values only`, `documentation-based`, or `inference`.
+- Do not request kubeconfig, cluster credentials, cloud provider credentials, or live values files containing secrets. Ask for sanitized versions with placeholder values.
+- Static review only — never install a chart, never contact a Kubernetes cluster, never run `helm upgrade` or `kubectl apply`.
+
+## References
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review or formatting the final answer.
+
+## Response minimum
+Return, at minimum:
+- Linting and template correctness findings
+- Values hygiene findings (sensitive defaults, schema validation, `:latest` tags)
+- Template security findings (securityContext, capabilities, host namespaces, secrets in ConfigMap)
+- Resource governance findings (requests/limits, PDB, HPA)
+- Health and observability findings (liveness, readiness, startup probes)
+- Testability findings (helm test, chart-testing CI)
+- RBAC and service account findings
+- Severity-labelled finding list (CRITICAL / HIGH / MEDIUM / LOW)
+- Safe next actions

package/skills/qa/helm-chart-quality-review/metadata.json

@@ -0,0 +1,23 @@
+{
+  "id": "helm-chart-quality-review",
+  "name": "Helm Chart Quality Review",
+  "type": "skill",
+  "provider": "generic",
+  "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
+  "summary": "Review a Helm chart for quality, security, and testability defects — linting gaps, insecure securityContext, missing resource limits, absent health probes, RBAC over-permission, hardcoded secrets, and missing helm test coverage — statically, without installing or contacting a cluster.",
+  "source_type": "original",
+  "official_docs": [
+    "https://helm.sh/docs/chart_best_practices/",
+    "https://helm.sh/docs/helm/helm_lint/",
+    "https://helm.sh/docs/helm/helm_template/",
+    "https://helm.sh/docs/topics/chart_tests/",
+    "https://github.com/helm/chart-testing",
+    "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
+    "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
+  ],
+  "security_notes": "Static review only — reads chart source files (Chart.yaml, values.yaml, templates/, tests/), never installs a chart, never connects to a Kubernetes cluster, never requests kubeconfig, cluster credentials, or cloud provider credentials. Do not accept values files containing live credentials, connection strings, or tenant IDs; ask for sanitized versions with placeholder values.",
+  "last_verified": "2026-05-17",
+  "path": "skills/qa/helm-chart-quality-review",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}

package/skills/qa/helm-chart-quality-review/references/workflow-and-output.md

@@ -0,0 +1,174 @@
+# Workflow and Output Contract
+
+## Workflow
+
+### Step 1 — Collect inputs
+
+Ask the user to provide one or more of the following as sanitized files (no live credentials, no kubeconfig, no cluster tokens — replace secrets with placeholders):
+- `Chart.yaml` — name, version, appVersion, dependencies
+- `values.yaml` — default values and their inline documentation
+- `values.schema.json` — JSON Schema validation for values (if present)
+- `templates/` — all template manifests (Deployment, StatefulSet, DaemonSet, Service, ConfigMap, Secret, RBAC resources, ServiceAccount, HPA, PDB, etc.)
+- `tests/` — helm test hook manifests
+- CI configuration (`ct.yaml`, `.github/workflows/*.yml`, `.gitlab-ci.yml`, or equivalent) if available
+
+If `values.schema.json` is absent, note it and flag as MEDIUM. If `tests/` is absent, note it and flag as MEDIUM. If CI configuration is not provided, state findings about chart-testing CI as `inference`.
+
+---
+
+### Step 2 — Linting and template correctness audit
+
+Check for structural and syntactic correctness.
+
+- Missing required `Chart.yaml` fields (`apiVersion`, `name`, `version`) → flag as blocking; the chart fails `helm lint`.
+- Chart `version` not semver-compliant (e.g. `1.0` instead of `1.0.0`) → LOW.
+- Undefined template variables that would cause `helm template` to fail → HIGH.
+- `helm template` renders manifests with empty required fields (image tag empty, pod name empty) → HIGH.
+- No `NOTES.txt` providing post-install next steps → LOW.
+
+---
+
+### Step 3 — Values hygiene audit
+
+Check for default value problems and schema coverage.
+
+- Hardcoded image tags set to `:latest` with no override mechanism → HIGH (breaks reproducibility and rollback).
+- Image digests hardcoded without a user-overridable `image.tag` or `image.digest` field → HIGH.
+- Sensitive default values: empty password (`password: ""`), literal `admin` or `password` as a default credential → CRITICAL. Users deploy defaults to production without noticing.
+- Required values with no `values.schema.json` type or pattern constraint → MEDIUM; `helm install` accepts arbitrary input with no validation.
+- Deeply nested values with no inline comment documentation → LOW; operators cannot understand what to tune without reading templates.
+
+---
+
+### Step 4 — Template security audit
+
+Check container and pod security configuration.
+
+```yaml
+# CRITICAL — container runs as root
+securityContext:
+  runAsUser: 0
+
+# CRITICAL — privileged mode grants near-root kernel access
+securityContext:
+  privileged: true
+
+# CRITICAL — grants all Linux capabilities
+securityContext:
+  capabilities:
+    add: ["ALL"]
+
+# CRITICAL — host namespace sharing
+spec:
+  hostNetwork: true
+  hostPID: true
+  hostIPC: true
+```
+
+- `runAsRoot: true` or `runAsNonRoot` absent from both pod-level and container-level securityContext → HIGH.
+- `allowPrivilegeEscalation` not set to `false` → HIGH; a child process can acquire more privileges than its parent.
+- `capabilities.add: [SYS_ADMIN]` or `[NET_ADMIN]` → CRITICAL.
+- `capabilities.add: [ALL]` → CRITICAL.
+- `privileged: true` → CRITICAL.
+- `hostNetwork: true`, `hostPID: true`, or `hostIPC: true` → CRITICAL for each.
+- `readOnlyRootFilesystem` absent or set to `false` → MEDIUM; the container filesystem is writable, enabling in-place modification of binaries.
+- Secrets (passwords, tokens, keys) rendered as plain-text data in a ConfigMap instead of a Secret resource → CRITICAL; any workload that can read ConfigMaps in the namespace can read the value.
+
+---
+
+### Step 5 — Resource governance audit
+
+Check resource requests, limits, and workload scaling policy.
+
+- `resources.requests` or `resources.limits` absent from any container spec → HIGH; without limits, a misbehaving pod triggers node over-subscription and may cause OOM kills on neighbouring workloads.
+- No `PodDisruptionBudget` for a StatefulSet or singleton Deployment → MEDIUM; node drains can take the workload to zero replicas.
+- No `HorizontalPodAutoscaler` where the workload is expected to handle variable load → LOW.
+
+---
+
+### Step 6 — Health and observability audit
+
+Check probe configuration.
+
+- `livenessProbe` absent from any container → HIGH; the kubelet cannot detect a hung container, and a failed pod can receive live traffic indefinitely.
+- `readinessProbe` absent → HIGH; rolling updates proceed without confirming the new pod is ready to serve traffic.
+- `startupProbe` absent for containers with slow or variable startup times → MEDIUM; the liveness probe fires before the container is ready, causing crash loops.
+- Probe `timeoutSeconds`, `failureThreshold`, or `periodSeconds` at Kubernetes defaults with no documented rationale → LOW; defaults may be too aggressive or too lenient for the workload.
+
+---
+
+### Step 7 — Testability audit
+
+Check helm test coverage and chart-testing CI integration.
+
+- No `tests/` directory → MEDIUM; helm test integration is absent. The chart has no post-install verification that can be run by `helm test`.
+- `tests/` present but test manifests only assert pod existence (`kubectl get pod`) and do not verify service reachability or a functional endpoint → LOW; existence confirms the pod started, not that the service responds correctly.
+- No CI integration for chart-testing — no `ct lint-and-install`, no `helm lint` + `helm template` step in CI configuration → MEDIUM; the chart is not regression-tested on install across a range of values.
+
+---
+
+### Step 8 — RBAC and service account audit
+
+Check role scope and service account token exposure.
+
+```yaml
+# CRITICAL — ClusterRoleBinding to default SA gives cluster-wide access
+# to every workload in the namespace
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: my-app
+roleRef:
+  kind: ClusterRole
+  name: admin
+```
+
+- `ClusterRoleBinding` to the `default` service account → CRITICAL.
+- `ClusterRole` used where a `Role` scoped to a single namespace would suffice → HIGH; blast radius of a compromised workload is the entire cluster.
+- `serviceAccount.automountServiceAccountToken` not set to `false` when the workload makes no Kubernetes API calls → HIGH; the service account token is mounted into the pod and exploitable by any process that can read the filesystem.
+
+---
+
+## Output
+
+Return findings in this structure:
+
+```
+## Verdict
+<one sentence: chart passes review with no critical issues / chart has critical defects that must be fixed before deployment / chart has high-severity defects requiring attention>
+
+## Evidence level
+<chart source provided | values only | partial (no templates) | inference>
+
+## Findings
+
+### CRITICAL
+- [C1] <finding title>: <description> — <remediation>
+
+### HIGH
+- [H1] <finding title>: <description> — <remediation>
+
+### MEDIUM
+- [M1] <finding title>: <description> — <remediation>
+
+### LOW
+- [L1] <finding title>: <description> — <remediation>
+
+## Safe next actions
+1. <action>
+2. <action>
+
+## Open questions
+- <question requiring user clarification>
+```
+
+---
+
+## Security notes
+
+- Never request kubeconfig, cluster credentials, cloud provider tokens, or live values files containing secrets. Ask for sanitized versions with placeholder values.
+- Static review only — never install a chart, never run `helm upgrade` or `kubectl apply`, never contact a Kubernetes cluster.
+- A container running as root, with `privileged: true`, or with `hostNetwork: true` is the highest-impact template security finding. Lead with it.
+- A `ClusterRoleBinding` to the `default` service account grants cluster-wide access to every workload in the namespace. Treat it as CRITICAL and flag immediately.
+- Secrets in ConfigMap instead of a Secret resource are exposed to all workloads in the namespace that have read access to ConfigMaps. Flag as CRITICAL.
+- Do not recommend workarounds that maintain the defect (e.g. "add a comment explaining why privileged is needed" is not remediation for `privileged: true`).

package/skills/qa/kubernetes-manifest-quality-review/SKILL.md

@@ -0,0 +1,92 @@
+---
+name: kubernetes-manifest-quality-review
+description: Use this skill when the user provides raw Kubernetes YAML manifests or asks to review K8s manifests for quality, security, or policy compliance — covering Deployment, StatefulSet, DaemonSet, Service, Ingress, NetworkPolicy, RBAC, and CRD resources.
+allowed-tools: Read Grep Glob
+metadata:
+  author: "github: Raishin"
+  version: "0.1.0"
+  updated: "2026-05-17"
+  category: delivery
+  lifecycle: experimental
+---
+
+# Kubernetes Manifest Quality Review
+
+## Purpose
+
+This skill reviews raw Kubernetes YAML manifests for quality, security, and policy-compliance defects. It covers Deployment, StatefulSet, DaemonSet, Service, Ingress, NetworkPolicy, RBAC, and CRD resources. The review is entirely static — it reads YAML files and never applies manifests to a cluster, never contacts the Kubernetes API, and never requests kubeconfig, service account tokens, or cloud credentials.
+
+## Lean operating rules
+
+### Schema and structure
+
+- `apiVersion` or `kind` missing — CRITICAL: the manifest cannot be applied; flag and stop review of that resource.
+- Deprecated API versions (e.g., `extensions/v1beta1`, `networking.k8s.io/v1beta1`, `policy/v1beta1` PodSecurityPolicy) — HIGH: these will be rejected by newer clusters.
+- Missing required labels (`app`, `app.kubernetes.io/name`, `app.kubernetes.io/version`) on Pods and workload controllers — MEDIUM: impairs observability, selector targeting, and policy enforcement.
+- No `namespace` specified (reliance on default namespace) — MEDIUM: encourages lateral movement and policy bypass; everything should be explicitly namespaced.
+
+### Pod security (Pod Security Standards)
+
+- `securityContext.runAsRoot: true` on a container, or no `runAsNonRoot: true` at pod or container level — HIGH: processes run as UID 0 inside the container.
+- `privileged: true` on a container security context — CRITICAL: the container has near-host-root access.
+- `allowPrivilegeEscalation: true` or field absent (it defaults to `true` unless `privileged: false` is set) — HIGH: child processes can gain more privileges than the parent.
+- `hostNetwork: true`, `hostPID: true`, `hostIPC: true` on the pod spec — CRITICAL: the pod shares the host network stack, process table, or IPC namespace, enabling broad host compromise.
+- `capabilities.add` containing `SYS_ADMIN`, `NET_ADMIN`, `ALL`, `SYS_PTRACE`, or `DAC_OVERRIDE` — CRITICAL: these capabilities provide near-root privilege; drop all capabilities and add only what is specifically required.
+- `readOnlyRootFilesystem: false` or field absent on a container — MEDIUM: a writable root filesystem makes container compromise easier; set to `true` and use `emptyDir` or volume mounts for mutable paths.
+- `seccompProfile` absent at pod or container level — MEDIUM: no syscall filtering, increasing the kernel attack surface; use `RuntimeDefault` or a custom profile.
+
+### Image hygiene
+
+- Image tag is `:latest` or absent — HIGH: non-reproducible deployments; a rollout can silently pull a different image than what was tested.
+- No image digest pinning for production manifests — MEDIUM: tag mutability allows supply-chain substitution; prefer `image@sha256:<digest>`.
+- Image pulled from an unverified public registry (e.g., Docker Hub) with no `imagePullPolicy: IfNotPresent` or digest — MEDIUM: arbitrary public images without integrity verification.
+
+### Resource governance
+
+- `resources.requests` and `resources.limits` both absent on a container — HIGH: the container is unschedulable on resource-constrained nodes and can starve co-located workloads.
+- Memory limit set without a CPU limit — MEDIUM: CPU throttling surprise; the container can be throttled heavily with no visible error.
+- Ephemeral storage limit absent on containers known to produce logs or temp files — LOW: unbounded ephemeral storage can exhaust node disk and evict other pods.
+
+### Health probes
+
+- `livenessProbe` missing — HIGH: the kubelet cannot detect application deadlocks or crash-loop conditions and restart the container.
+- `readinessProbe` missing — HIGH: the endpoint controller sends traffic to the pod before the application is ready, causing errors during startup and rolling updates.
+- Probe using `exec` command with no `timeoutSeconds` specified — MEDIUM: exec probes default to a 1-second timeout; a slow command silently causes probe failures and restarts.
+
+### Networking and exposure
+
+- Service type `LoadBalancer` or `NodePort` without a comment or annotation documenting the business justification — MEDIUM: these expose services externally or on every node port; ClusterIP is sufficient for internal services.
+- Ingress resource with no TLS block configured — HIGH: traffic between the client and the ingress controller is unencrypted.
+- No `NetworkPolicy` resource restricts pod ingress or egress in the namespace — MEDIUM: the default Kubernetes network model is allow-all; without a NetworkPolicy every pod can reach every other pod.
+- Ingress annotation `nginx.ingress.kubernetes.io/use-proxy-protocol` or similar annotation that forwards arbitrary upstream headers into backend requests from untrusted input — CRITICAL: enables SSRF and header injection.
+
+### RBAC and service accounts
+
+- `ClusterRole` with verb `*` on resource `*` or on `secrets` — CRITICAL: any principal bound to this role has full cluster read/write access.
+- `RoleBinding` or `ClusterRoleBinding` whose subject is `system:anonymous` or `system:unauthenticated` — CRITICAL: unauthenticated callers inherit these permissions.
+- `automountServiceAccountToken: true` (or field absent, which defaults to `true`) on pods that do not contact the Kubernetes API — HIGH: the token is mounted at a known path and exploitable if the container is compromised.
+- RBAC role granting `get` or `list` on `secrets` beyond what the workload demonstrably needs — HIGH: broadens blast radius of a credential compromise.
+
+### Secrets and config
+
+- Plaintext credentials (passwords, tokens, connection strings) in `env.value` on a container or in `ConfigMap.data` — CRITICAL: credentials visible in manifests committed to source control or stored in etcd in plaintext.
+- `Secret` with `type: Opaque` and a base64-encoded value that decodes to an empty string — MEDIUM: placeholder secret that will cause application startup failures and suggests secrets management is not wired up.
+
+## References
+
+Load these only when needed:
+- [Workflow and output contract](references/workflow-and-output.md) — use when executing the full review or formatting the final answer.
+
+## Response minimum
+
+Return, at minimum:
+- Schema and API version findings
+- Pod security findings (PSS Restricted/Baseline comparison)
+- Image hygiene findings
+- Resource governance findings
+- Health probe findings
+- Networking and exposure findings
+- RBAC and service account findings
+- Secrets and config findings
+- Severity-labelled finding list (CRITICAL / HIGH / MEDIUM / LOW)
+- Safe next actions

package/skills/qa/kubernetes-manifest-quality-review/metadata.json

@@ -0,0 +1,23 @@
+{
+  "id": "kubernetes-manifest-quality-review",
+  "name": "Kubernetes Manifest Quality Review",
+  "type": "skill",
+  "provider": "generic",
+  "harnesses": ["codex", "claude-code", "cursor", "gemini", "kiro", "other"],
+  "summary": "Review raw Kubernetes YAML manifests for security, quality, and policy defects — deprecated APIs, missing securityContext, absent resource limits, missing health probes, RBAC over-permission, plaintext secrets, and network exposure — statically, without applying manifests or contacting a cluster.",
+  "source_type": "original",
+  "official_docs": [
+    "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
+    "https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
+    "https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/",
+    "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
+    "https://kubernetes.io/docs/concepts/services-networking/network-policies/",
+    "https://github.com/yannh/kubeconform",
+    "https://github.com/zegl/kube-score"
+  ],
+  "security_notes": "Static review only — reads manifest YAML files, never applies manifests to a cluster, never connects to the Kubernetes API, and never requests kubeconfig, service account tokens, or cloud credentials. Do not accept manifests containing real secret values or connection strings decoded from base64; ask for sanitized versions with placeholder values.",
+  "last_verified": "2026-05-17",
+  "path": "skills/qa/kubernetes-manifest-quality-review",
+  "author": "github: Raishin",
+  "version": "0.1.0"
+}