{"task":"Use Kubernetes Secret Manager in an agent workflow","recommendations":[{"rank":1,"skill":"External Secrets","slug":"external-secrets-external-secrets","description":"External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.","confidence":"0.99","match_score":99,"raw_match_score":231.8395856588734,"match_label":"Strong task match","safety_adjusted_score":253.8395856588734,"install":"npx skills add external-secrets/external-secrets","repository":"https://github.com/external-secrets/external-secrets","stats":{"stars":6678,"downloads":0,"rating":0,"quality_score":68.47},"quality":{"score":100,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"6.7K","tone":"positive"},{"label":"Freshness","value":"18d ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"Apache-2.0","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v4","score":92,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","recommendedAction":"Shortlist for production use, then run a normal repository and dependency review.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":94,"weight":0.13,"status":"pass","detail":"6.7K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":93,"weight":0.08,"status":"pass","detail":"6.7K stars, 1.3K forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"18d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"Apache-2.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add external-secrets/external-secrets"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/external-secrets/external-secrets"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"6.7K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"6.7K stars, 1.3K forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"18d since push"},{"status":"pass","label":"License clarity","detail":"Apache-2.0"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add external-secrets/external-secrets"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/external-secrets/external-secrets"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Large GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":[],"evidence":{"stars":"6.7K GitHub stars","repoActivity":"6.7K stars, 1.3K forks","lastPushed":"18d since push","license":"Apache-2.0","repository":"https://github.com/external-secrets/external-secrets","install":"npx skills add external-secrets/external-secrets","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add external-secrets/external-secrets","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","18d since push"]},"agentCompatibility":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available metadata"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":true,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"bestFor":["devops","kubernetes","external-secrets","hacktoberfest","kubernetes-secrets","secrets-manager"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":[]},"safety":{"score":87,"level":"safe_to_install","label":"Safe to install with normal review","safety_tier":{"tier":"verified","label":"Verified","badge":"VERIFIED","summary":"Strong metadata, audit, install, and review signals. Suitable for agent shortlists after normal workspace review.","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","auto_install_policy":"allow","reasons":["Verified listing","Safe-to-try audit","87/100 agent safety score"]},"auto_install_allowed":true,"human_review_required":false,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":[],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"verified","label":"Verified","badge":"VERIFIED","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","reasons":["Verified listing","Safe-to-try audit","87/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"rag-knowledge","title":"RAG and knowledge"},{"slug":"browser-automation","title":"Browser automation"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Go"],"install":{"ready":true,"command":"npx skills add external-secrets/external-secrets","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":6678,"starsLabel":"6.7K","forks":1330,"license":"Apache-2.0","qualityScore":100,"trustScore":92,"auditScore":95},"maintenance":{"status":"fresh","label":"18d since push","daysSincePush":18,"lastPushedAt":"2026-06-15T14:43:20+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":false,"notes":["No major risk signals from available metadata"]},"coverageTags":["Coding","Coding agents","devops","kubernetes","external-secrets","hacktoberfest","kubernetes-secrets","secrets-manager"]},"audit":{"audit_score":95,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add external-secrets/external-secrets","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"External Secrets\" agent skill from https://github.com/external-secrets/external-secrets. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"External Secrets\" as a Claude Code skill from https://github.com/external-secrets/external-secrets. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"External Secrets\" from https://github.com/external-secrets/external-secrets into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/external-secrets-external-secrets","api":"https://www.openagentskill.com/api/agent/skills/external-secrets-external-secrets","install_api":"https://www.openagentskill.com/api/skills/external-secrets-external-secrets/install","audit":"https://www.openagentskill.com/skills/external-secrets-external-secrets/audit","repository":"https://github.com/external-secrets/external-secrets"},"decision":{"readiness_score":100,"readiness_label":"Production-ready","headline":"Primary pick for Coding agents","role":"Primary pick","adoption_stage":"Adopt","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals"],"risks":["No OpenAgentSkill engagement data yet"],"proof_points":["6,678 GitHub stars","recent repository activity","install command or GitHub repo available","100/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"rag-knowledge","title":"RAG and knowledge","url":"https://www.openagentskill.com/use-cases/rag-knowledge"}],"recommendation_reasons":["Matches task terms: use, kubernetes, secret, manager","Useful GitHub adoption: 6,678 stars","Install handoff is available","Repository freshness signal is available","Registry match score 99"],"reasoning":"Strong task match. Evidence: verified author, 68 quality score. External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets."},{"rank":2,"skill":"Sealed Secrets","slug":"bitnami-labs-sealed-secrets","description":"A Kubernetes controller and tool for one-way encrypted Secrets","confidence":"0.95","match_score":95,"raw_match_score":222.681666773783,"match_label":"Strong task match","safety_adjusted_score":244.681666773783,"install":"npx skills add bitnami-labs/sealed-secrets","repository":"https://github.com/bitnami-labs/sealed-secrets","stats":{"stars":9171,"downloads":0,"rating":0,"quality_score":69.44},"quality":{"score":100,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"9.2K","tone":"positive"},{"label":"Freshness","value":"9d ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"Apache-2.0","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v4","score":90,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","recommendedAction":"Shortlist for production use, then run a normal repository and dependency review.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":94,"weight":0.13,"status":"pass","detail":"9.2K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":88,"weight":0.08,"status":"pass","detail":"9.2K stars, 774 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"9d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"Apache-2.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":74,"weight":0.14,"status":"info","detail":"Public metadata needs stronger README/SKILL.md context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add bitnami-labs/sealed-secrets"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/bitnami-labs/sealed-secrets"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"9.2K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"9.2K stars, 774 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"9d since push"},{"status":"pass","label":"License clarity","detail":"Apache-2.0"},{"status":"info","label":"README/SKILL.md completeness","detail":"Public metadata needs stronger README/SKILL.md context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add bitnami-labs/sealed-secrets"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/bitnami-labs/sealed-secrets"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Large GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":[],"evidence":{"stars":"9.2K GitHub stars","repoActivity":"9.2K stars, 774 forks","lastPushed":"9d since push","license":"Apache-2.0","repository":"https://github.com/bitnami-labs/sealed-secrets","install":"npx skills add bitnami-labs/sealed-secrets","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add bitnami-labs/sealed-secrets","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","9d since push"]},"agentCompatibility":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available metadata"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":true,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"bestFor":["devops","kubernetes","devops-workflow","encrypt-secrets","gitops","kubernetes-secrets"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":[]},"safety":{"score":86,"level":"safe_to_install","label":"Safe to install with normal review","safety_tier":{"tier":"verified","label":"Verified","badge":"VERIFIED","summary":"Strong metadata, audit, install, and review signals. Suitable for agent shortlists after normal workspace review.","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","auto_install_policy":"allow","reasons":["Verified listing","Safe-to-try audit","86/100 agent safety score"]},"auto_install_allowed":true,"human_review_required":false,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":[],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"verified","label":"Verified","badge":"VERIFIED","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","reasons":["Verified listing","Safe-to-try audit","86/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"rag-knowledge","title":"RAG and knowledge"},{"slug":"workflow-automation","title":"Workflow automation"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Go"],"install":{"ready":true,"command":"npx skills add bitnami-labs/sealed-secrets","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":9171,"starsLabel":"9.2K","forks":774,"license":"Apache-2.0","qualityScore":100,"trustScore":90,"auditScore":94},"maintenance":{"status":"fresh","label":"9d since push","daysSincePush":9,"lastPushedAt":"2026-06-24T12:21:41+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":false,"notes":["No major risk signals from available metadata"]},"coverageTags":["Coding","Coding agents","devops","kubernetes","devops-workflow","encrypt-secrets","gitops","kubernetes-secrets"]},"audit":{"audit_score":94,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add bitnami-labs/sealed-secrets","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Sealed Secrets\" agent skill from https://github.com/bitnami-labs/sealed-secrets. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: A Kubernetes controller and tool for one-way encrypted Secrets","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Sealed Secrets\" as a Claude Code skill from https://github.com/bitnami-labs/sealed-secrets. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: A Kubernetes controller and tool for one-way encrypted Secrets","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Sealed Secrets\" from https://github.com/bitnami-labs/sealed-secrets into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: A Kubernetes controller and tool for one-way encrypted Secrets","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/bitnami-labs-sealed-secrets","api":"https://www.openagentskill.com/api/agent/skills/bitnami-labs-sealed-secrets","install_api":"https://www.openagentskill.com/api/skills/bitnami-labs-sealed-secrets/install","audit":"https://www.openagentskill.com/skills/bitnami-labs-sealed-secrets/audit","repository":"https://github.com/bitnami-labs/sealed-secrets"},"decision":{"readiness_score":100,"readiness_label":"Production-ready","headline":"Primary pick for Coding agents","role":"Primary pick","adoption_stage":"Adopt","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals"],"risks":["No OpenAgentSkill engagement data yet"],"proof_points":["9,171 GitHub stars","recent repository activity","install command or GitHub repo available","100/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"rag-knowledge","title":"RAG and knowledge","url":"https://www.openagentskill.com/use-cases/rag-knowledge"}],"recommendation_reasons":["Matches task terms: use, kubernetes, secret, agent","Useful GitHub adoption: 9,171 stars","Install handoff is available","Repository freshness signal is available","Registry match score 95"],"reasoning":"Strong task match. Evidence: verified author, 69 quality score. A Kubernetes controller and tool for one-way encrypted Secrets"},{"rank":3,"skill":"Secrets Store Csi Driver","slug":"kubernetes-sigs-secrets-store-csi-driver","description":"Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.  ","confidence":"0.93","match_score":93,"raw_match_score":217.949695469999,"match_label":"Strong task match","safety_adjusted_score":229.949695469999,"install":"npx skills add kubernetes-sigs/secrets-store-csi-driver","repository":"https://github.com/kubernetes-sigs/secrets-store-csi-driver","stats":{"stars":1537,"downloads":0,"rating":0,"quality_score":64.01},"quality":{"score":100,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"1.5K","tone":"positive"},{"label":"Freshness","value":"22d ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"Apache-2.0","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v4","score":88,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","recommendedAction":"Shortlist for production use, then run a normal repository and dependency review.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":86,"weight":0.13,"status":"pass","detail":"1.5K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":83,"weight":0.08,"status":"pass","detail":"1.5K stars, 327 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"22d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"Apache-2.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":72,"weight":0.12,"status":"info","detail":"credential or environment access"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add kubernetes-sigs/secrets-store-csi-driver"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":60,"weight":0.07,"status":"warn","detail":"secrets or environment access, filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/kubernetes-sigs/secrets-store-csi-driver"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"1.5K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"1.5K stars, 327 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"22d since push"},{"status":"pass","label":"License clarity","detail":"Apache-2.0"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"info","label":"Dependency/runtime risk","detail":"credential or environment access"},{"status":"pass","label":"Install availability","detail":"npx skills add kubernetes-sigs/secrets-store-csi-driver"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"warn","label":"Permission surface","detail":"secrets or environment access, filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/kubernetes-sigs/secrets-store-csi-driver"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Meaningful GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":["Permission surface needs review: secrets or environment access, filesystem or document access","Permission surface: secrets or environment access, filesystem or document access"],"evidence":{"stars":"1.5K GitHub stars","repoActivity":"1.5K stars, 327 forks","lastPushed":"22d since push","license":"Apache-2.0","repository":"https://github.com/kubernetes-sigs/secrets-store-csi-driver","install":"npx skills add kubernetes-sigs/secrets-store-csi-driver","installSafety":"standard package or runtime install path","permissionSurface":"secrets or environment access, filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add kubernetes-sigs/secrets-store-csi-driver","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","22d since push"]},"agentCompatibility":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"medium","label":"Review before production","notes":["Permission surface needs review: secrets or environment access, filesystem or document access","Permission surface: secrets or environment access, filesystem or document access"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":true,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"bestFor":["devops","kubernetes","aws-secrets-manager","azure-keyvault","csi","csi-secrets-store"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":["Permission surface needs review: secrets or environment access, filesystem or document access","Permission surface: secrets or environment access, filesystem or document access"]},"safety":{"score":65,"level":"review_before_install","label":"Review before install","safety_tier":{"tier":"reviewed","label":"Reviewed with permission notes","badge":"REVIEWED","summary":"Usable candidate, but the agent should surface permission and audit notes before installation.","recommended_action":"Require human approval before installing into a real workspace.","auto_install_policy":"review","reasons":["High-risk permission hints: Secrets or environment access","65/100 agent safety score"]},"auto_install_allowed":false,"human_review_required":true,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"},{"id":"secrets","label":"Secrets or environment access","reason":"Skill metadata references credentials, tokens, environment variables, or secret-bearing workflows.","severity":"high"}],"policy_warnings":["High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing"],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"reviewed","label":"Reviewed with permission notes","badge":"REVIEWED","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Require human approval before installing into a real workspace.","reasons":["High-risk permission hints: Secrets or environment access","65/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"rag-knowledge","title":"RAG and knowledge"},{"slug":"workflow-automation","title":"Workflow automation"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Go"],"install":{"ready":true,"command":"npx skills add kubernetes-sigs/secrets-store-csi-driver","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":1537,"starsLabel":"1.5K","forks":327,"license":"Apache-2.0","qualityScore":100,"trustScore":88,"auditScore":93},"maintenance":{"status":"fresh","label":"22d since push","daysSincePush":22,"lastPushedAt":"2026-06-11T04:16:46+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":true,"notes":["Permission surface may require sandboxing","Permission surface needs review: secrets or environment access, filesystem or document access","Permission surface: secrets or environment access, filesystem or document access"]},"coverageTags":["Coding","Coding agents","devops","kubernetes","aws-secrets-manager","azure-keyvault","csi","csi-secrets-store"]},"audit":{"audit_score":93,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":["Permission surface may require sandboxing","Permission surface needs review: secrets or environment access, filesystem or document access","Permission surface: secrets or environment access, filesystem or document access"]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add kubernetes-sigs/secrets-store-csi-driver","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Secrets Store Csi Driver\" agent skill from https://github.com/kubernetes-sigs/secrets-store-csi-driver. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Secrets Store Csi Driver\" as a Claude Code skill from https://github.com/kubernetes-sigs/secrets-store-csi-driver. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Secrets Store Csi Driver\" from https://github.com/kubernetes-sigs/secrets-store-csi-driver into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/kubernetes-sigs-secrets-store-csi-driver","api":"https://www.openagentskill.com/api/agent/skills/kubernetes-sigs-secrets-store-csi-driver","install_api":"https://www.openagentskill.com/api/skills/kubernetes-sigs-secrets-store-csi-driver/install","audit":"https://www.openagentskill.com/skills/kubernetes-sigs-secrets-store-csi-driver/audit","repository":"https://github.com/kubernetes-sigs/secrets-store-csi-driver"},"decision":{"readiness_score":100,"readiness_label":"Production-ready","headline":"Primary pick for Coding agents","role":"Primary pick","adoption_stage":"Adopt","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals"],"risks":["No OpenAgentSkill engagement data yet"],"proof_points":["1,537 GitHub stars","recent repository activity","install command or GitHub repo available","100/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"rag-knowledge","title":"RAG and knowledge","url":"https://www.openagentskill.com/use-cases/rag-knowledge"}],"recommendation_reasons":["Matches task terms: use, kubernetes, secret, manager","Useful GitHub adoption: 1,537 stars","Install handoff is available","Repository freshness signal is available","Registry match score 93"],"reasoning":"Strong task match. Evidence: verified author, 64 quality score. Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.  "}],"blocked_candidates":[{"slug":"upmc-enterprises-kubernetes-secret-manager","name":"Kubernetes Secret Manager","match_score":99,"raw_match_score":237.00834192935952,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk risky exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/upmc-enterprises-kubernetes-secret-manager/audit"},{"slug":"dicklesworthstone-coding-agent-account-manager","name":"Coding Agent Account Manager","match_score":78,"raw_match_score":182.16951634560496,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Metadata combines secrets access with shell or command execution","High-risk permission hints: Shell or command execution, Secrets or environment access"]},"url":"https://www.openagentskill.com/skills/dicklesworthstone-coding-agent-account-manager/audit"},{"slug":"securekubernetes-securekubernetes","name":"Securekubernetes","match_score":56,"raw_match_score":131.805343443715,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk risky exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/securekubernetes-securekubernetes/audit"},{"slug":"gregbkr-kubernetes-kargo-logging-monitoring","name":"Kubernetes Kargo Logging Monitoring","match_score":55,"raw_match_score":128.91356909474044,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk risky exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/gregbkr-kubernetes-kargo-logging-monitoring/audit"},{"slug":"duyanghao-kubernetes-reading-notes","name":"Kubernetes Reading Notes","match_score":55,"raw_match_score":128.86683893539413,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk risky exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/duyanghao-kubernetes-reading-notes/audit"}],"suggested_composition":{"name":"external-secrets-external-secrets-agent-stack","description":"Start with External Secrets, then add Sealed Secrets + Secrets Store Csi Driver only if the workflow needs extra coverage.","skills":["external-secrets-external-secrets","bitnami-labs-sealed-secrets","kubernetes-sigs-secrets-store-csi-driver"],"steps":["Prototype the task with External Secrets as the primary skill.","Add the second skill only if the first one leaves a capability gap.","Keep the third skill as a fallback during evaluation instead of installing everything at once."]},"suggested_stacks":[{"slug":"web-data-pipeline","name":"Web data pipeline stack","url":"https://www.openagentskill.com/collections/web-data-pipeline","use_case":"web-scraping"},{"slug":"coding-review-agent","name":"Coding review agent stack","url":"https://www.openagentskill.com/collections/coding-review-agent","use_case":"coding-agents"}],"meta":{"timestamp":"2026-07-04T02:16:47.729Z","api_version":"1.0","total_skills_searched":20263,"blocked_candidates":5,"safety_policy":"Blocked candidates are excluded from recommendations. Verified and reviewed candidates receive ranking priority.","public_search_endpoint":"https://www.openagentskill.com/api/skills/search","agent_friendly":true}}