{"id":"92edf447-0121-4291-b3ca-dcb1647e4277","shortId":"2ZaQx9","kind":"skill","title":"review-infrastructure","tagline":"Use when the user asks for an infrastructure review, IaC review, Terraform review, Kubernetes manifest review, Dockerfile review, Helm chart review, container review, gateway review (Envoy / Ingress / Gateway API), service mesh review (Linkerd / Istio), east-west traffic review, ","description":"# Infrastructure Review\n\nStructured infrastructure-as-code review producing actionable, prioritized findings with code-level references. Covers Terraform / OpenTofu, Kubernetes manifests, Dockerfiles, Helm charts, **north-south gateway exposure** (Envoy as edge gateway, Ingress controllers, Gateway API), and **east-west service mesh** (Linkerd, Istio).\n\n**Out of scope** (defer to siblings):\n- Pod shutdown / SIGTERM / `preStop` / `terminationGracePeriodSeconds` → `review-reliability`\n- IAM policies, secret material, KMS key usage → `review-security` (but flag inline plaintext secrets in TF / k8s here)\n- Application source code (`.go`, `.proto`, etc.) → `review-code`\n\n## Workflow\n\n### 1. Scope and explore\n\n- Confirm scope with the user: full codebase, specific paths/modules, changed files only (PR or branch diff), or specific concern.\n- **Resolve scope to a file list.** Based on what the user requested:\n  - **Changed files (PR or branch):** Run `git diff --name-only --diff-filter=d <base>...HEAD` to get changed files (default `<base>` is `main`). If the user references a PR number, use `gh pr diff <number> --name-only` instead. Filter to infrastructure file types (see classification below).\n  - **Explicit paths/modules:** The user may specify directories (e.g. `terraform/`, `deploy/k8s/`) or individual files. Include all infra files under it.\n  - **Full codebase:** No filtering. Walk the repo for infra files (default).\n- **If invoked from review-all**: receive `file_list`, `has_changes`, `base_ref`, `REVIEW_DIR`, and `pr_url` from the orchestrator. Skip your own scope confirmation and use the provided values directly.\n- **Pass the resolved scope** (file list) to all exploration and investigation subagents so they only read and analyze scoped files.\n\n**File classification.** Detect by extension and content sniff:\n- **Terraform / OpenTofu**: `*.tf`, `*.tofu`, `*.tfvars`. Inspect `provider`, `backend`, `terraform { required_*_version }` blocks.\n- **Kubernetes manifests**: YAML with `apiVersion:` + `kind:` keys. Includes raw manifests, Kustomize bases/overlays, ArgoCD `Application` specs, FluxCD `Kustomization`.\n- **Dockerfile**: filename `Dockerfile`, `Containerfile`, or `*.Dockerfile`.\n- **Helm**: directories containing `Chart.yaml`. Template files live under `templates/`; values in `values.yaml` and `values-*.yaml`.\n- **Gateway (north-south)**: Envoy bootstrap / config (`envoy.yaml`, files referencing `node:`, `static_resources:`, `dynamic_resources:`, `listeners:` + `filter_chains:`). YAML manifests whose `apiVersion` matches `gateway.networking.k8s.io/*` (Gateway API), `getambassador.io/*` (Emissary/Ambassador), or `projectcontour.io/*` (Contour). Standard k8s `Ingress` resources.\n- **Service mesh (east-west)**: YAML manifests whose `apiVersion` matches `networking.istio.io/*`, `security.istio.io/*`, `policy.linkerd.io/*`, or `linkerd.io/*`. Namespaces/workloads with `linkerd.io/inject` or `istio-injection` annotations/labels.\n\n### 2. System overview\n\nProduce a brief topology summary covering:\n- Cloud / hosting model (if discernible from TF providers or k8s annotations)\n- Cluster shape: namespaces, ingress/egress points, service mesh in use (Linkerd / Istio / Envoy / none)\n- North-south entry points: gateway in use (Envoy, Ingress controller, Gateway API) and what it terminates (TLS, mTLS, JWT)\n- East-west traffic posture: mesh in use (Linkerd / Istio / none); mTLS default-on or default-off; authorization mode (allow-all, allow-list, default-deny)\n- Workload classes: stateful sets vs. deployments, daemonsets, jobs/cronjobs\n- Container image sources and registries\n\nThis anchors findings to the actual deployment topology.\n\n### 3. Launch investigation subagents in parallel\n\nLaunch investigation subagents concurrently using the Task tool (`model: sonnet` per `subagent-model-routing` — infra analysis needs to interpret resource relationships, not just pattern-match). Each receives the system overview and the relevant subset of in-scope files. Only launch subagents whose preconditions are met.\n\n| Subagent | Precondition | Categories |\n|---|---|---|\n| Terraform / OpenTofu | any `*.tf`, `*.tofu`, `*.tfvars` | Terraform checklist in [reference.md](reference.md) |\n| Kubernetes | any k8s YAML | Kubernetes checklist in [reference.md](reference.md) |\n| Dockerfile | any Dockerfile | Dockerfile checklist in [reference.md](reference.md) |\n| Helm | any `Chart.yaml` | Helm checklist in [reference.md](reference.md) |\n| Gateway (north-south) | Envoy bootstrap, Gateway API CRDs, Ingress | Gateway checklist in [reference.md](reference.md) |\n| Service mesh (east-west) | Linkerd/Istio CRDs or injection annotations | Service mesh checklist in [reference.md](reference.md) |\n\nEach subagent must:\n- Read **only** the in-scope files supplied.\n- Apply the matching checklist in [reference.md](reference.md).\n- Run the static analyzers below when the binary is on `PATH`. If a binary is missing, record it in the report as \"tool not available\" — do not install or fetch it.\n- For each finding, search nearby files (`README.md`, in-repo runbooks, `TODO`/`FIXME`/`HACK`/`XXX` comments) for existing tracking.\n- Return findings using the **infrastructure findings** template.\n\n### 4. Run static analyzers\n\nInvoke each tool if available and capture its output for the investigation subagent to triage:\n\n```sh\n# Terraform — syntax, idiom, deprecations\ncommand -v tflint    >/dev/null && tflint --format=compact <scope>\ncommand -v tfsec     >/dev/null && tfsec --no-color --format default <scope>\ncommand -v checkov   >/dev/null && checkov -d <scope> --quiet --compact\n\n# Kubernetes — schema + best-practice lint\ncommand -v kubeconform >/dev/null && kubeconform -strict -summary <files>\ncommand -v kube-linter >/dev/null && kube-linter lint <files>\n\n# Dockerfile\ncommand -v hadolint  >/dev/null && hadolint <Dockerfile>\n\n# Helm — render then re-lint the rendered manifests\ncommand -v helm      >/dev/null && helm lint <chart-dir> \\\n  && helm template <chart-dir> | kubeconform -strict -summary - 2>/dev/null \\\n  && helm template <chart-dir> | kube-linter lint - 2>/dev/null\n```\n\nTool output is **input** to the review, not the review itself. The subagent must interpret findings in context (e.g. a `kube-linter` \"no-readiness-probe\" warning on a Job is expected; on a Deployment it is not).\n\n### 5. Present results\n\nResolve the review output directory:\n\n```sh\nREVIEW_DATE=$(date +%Y-%m-%d)\nREVIEW_DIR=\"reviews/${REVIEW_DATE}\"\nif [ -d \"$REVIEW_DIR\" ]; then REVIEW_DIR=\"reviews/${REVIEW_DATE}-$(date +%H%M)\"; fi\nmkdir -p \"$REVIEW_DIR\"\n```\n\nCapture run metadata (see [Run metadata header](#run-metadata-header) below) and prepend the rendered block to `${REVIEW_DIR}/INFRASTRUCTURE-REVIEW.md`.\n\nWrite the output structured as:\n1. Run metadata header\n2. Topology overview (from step 2)\n3. Findings table (one section per subagent / surface)\n4. Tool availability notes (which analyzers were run vs. skipped)\n5. Recommended fix order\n\nPresent the report to the user.\n\n---\n\n## Run metadata header\n\nCapture once near `REVIEW_DIR` resolution and prepend the rendered block to the output document:\n\n```sh\nRUN_DATETIME=$(date -u +\"%Y-%m-%d %H:%M UTC\")\nGIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)\nGIT_COMMIT=$(git rev-parse --short HEAD)\nGIT_COMMIT_FULL=$(git rev-parse HEAD)\nGIT_SUBJECT=$(git log -1 --pretty=%s)\n# When scope is diff-based, also: BASE_REF=<base>; BASE_COMMIT=$(git rev-parse --short \"$BASE_REF\")\n```\n\nHeader template (placed at the top of the output `.md`, before the H1 title):\n\n```markdown\n> **Run:** {RUN_DATETIME}\n> **Branch:** {GIT_BRANCH} @ {GIT_COMMIT} (`{GIT_COMMIT_FULL}`)\n> **Subject:** {GIT_SUBJECT}\n> **Base:** {BASE_REF} @ {BASE_COMMIT}   <!-- omit when scope is not diff-based -->\n> **Scope:** {scope description}\n```\n\n---\n\n## Finding link wrapping (PR mode)\n\nWhen the review is scoped to a GitHub PR (`pr_url` is provided by the caller, or, when run standalone, `gh pr view --json url -q .url 2>/dev/null` returns one), wrap every `path:line` reference inside the finding tables below as a Markdown link:\n\n```sh\n~/.claude/scripts/pr-deeplink.sh \"$pr_url\" <path> <line>\n# pr_url set   → [path:line](https://github.com/.../pull/N/files#diff-<hash>R<line>)\n# pr_url empty → path:line   (plain text, unchanged)\n```\n\nThe display text stays `path:line` so plain and linked tables look identical; only the URL goes in the link target. Pass `L` as the fourth argument for findings about removed code (default is `R`). Omit `<line>` for file-level findings to get a file-anchor link. Apply the same wrapping to `path:line` references inside the Tracked column. Findings follow `terse-comments`: concrete fix, optional `bug:`/`risk:`/`nit:`/`unsure:` prefix, no praise or restating the diff.\n\n---\n\n## Output Templates\n\n### Infrastructure findings\n\n```markdown\n| Priority | Surface | Finding | Impact | Effort | Tracked |\n|----------|---------|---------|--------|--------|---------|\n| P0 | k8s | Description with code references | Impact on availability / security / cost | trivial / small / moderate / large | — |\n| P1 | terraform | Description with code references | Impact description | Effort estimate | FIXME in file:line |\n```\n\n**Surface column values:** `terraform`, `k8s`, `dockerfile`, `helm`, `gateway`, `mesh`.\n\n**Tracked column values:** Use `—` for new findings. For already-captured findings: `TODO in file:line`, `FIXME in file:line`, `README`, `#123` (issue reference), etc.\n\n### Re-evaluation table (for follow-up reviews)\n\n```markdown\n| Finding | Status | What Changed |\n|---------|--------|--------------|\n| ~~1. Description~~ | FIXED | Brief explanation of the fix |\n| 2. Description | Still applicable | No changes |\n```\n\n---\n\n## Guidelines\n\n- Search the organization's codebase (Sourcegraph, GitHub) for existing module / chart / manifest patterns before recommending new ones.\n- Include effort estimates to help prioritize implementation.\n- When the user asks for a follow-up review, find the most recent review directory (`ls -d reviews/*/ 2>/dev/null | sort | tail -1`) containing `INFRASTRUCTURE-REVIEW.md`, re-evaluate all prior findings, and append the re-evaluation table.\n- For detailed framework categories, see [reference.md](reference.md).\n- **REVIEW.md integration**: If a `REVIEW.md` context section was provided by the review-all orchestrator (or exists at the repository root when running standalone), treat its rules as additional review criteria. \"Always check\" items are HIGH severity; domain-specific items (Infrastructure section) are MEDIUM severity. \"Skip\" patterns exclude matching files from review scope.\n- Findings must cite probed evidence (`path:line`, grep output, command result), not pattern-matched suspicion. Per `~/.claude/rules/probe-not-assume.md`.","tags":["review","infrastructure","skill","issue","paultyng","agent-skills","ai-tools","claude-code","cursor","dotfiles"],"capabilities":["skill","source-paultyng","skill-review-infrastructure","topic-agent-skills","topic-ai-tools","topic-claude-code","topic-cursor","topic-dotfiles"],"categories":["skill-issue"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/paultyng/skill-issue/review-infrastructure","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add paultyng/skill-issue","source_repo":"https://github.com/paultyng/skill-issue","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (10,769 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:02.079Z","embedding":null,"createdAt":"2026-05-18T13:21:27.472Z","updatedAt":"2026-05-18T19:09:02.079Z","lastSeenAt":"2026-05-18T19:09:02.079Z","tsv":"'-1':1038,1396 '/*':378,383,388,406,409,412,416 '/.../pull/n/files#diff-':1157 '/.claude/rules/probe-not-assume.md':1490 '/.claude/scripts/pr-deeplink.sh':1147 '/dev/null':757,764,774,788,797,806,820,829,837,1129,1393 '/infrastructure-review.md':935 '/inject':421 '1':132,941,1334 '123':1316 '2':427,828,836,945,950,1128,1342,1392 '3':531,951 '4':730,959 '5':877,969 'abbrev':1015 'abbrev-ref':1014 'action':52 'actual':528 'addit':1447 'allow':502,505 'allow-al':501 'allow-list':504 'alreadi':1304 'already-captur':1303 'also':1047 'alway':1450 'analysi':553 'analyz':292,676,733,964 'anchor':524,1213 'annot':446,648 'annotations/labels':426 'api':32,80,380,472,631 'apivers':319,374,402 'append':1406 'appli':666,1215 'applic':122,328,1345 'argocd':327 'argument':1193 'ask':8,1376 'author':499 'avail':697,738,961,1265 'backend':310 'base':161,254,1046,1048,1050,1057,1088,1089,1091 'bases/overlays':326 'best':782 'best-practic':781 'binari':680,686 'block':314,931,992 'bootstrap':358,629 'branch':150,171,1009,1077,1079 'brief':432,1337 'bug':1235 'caller':1116 'captur':740,915,982,1305 'categori':587,1415 'chain':370 'chang':145,167,185,253,1333,1347 'chart':23,67,1359 'chart.yaml':341,618 'check':1451 'checklist':595,604,612,620,635,651,669 'checkov':773,775 'cite':1475 'class':511 'classif':211,296 'cloud':436 'cluster':447 'code':49,57,124,130,1198,1261,1276 'code-level':56 'codebas':142,233,1353 'color':768 'column':1226,1287,1296 'command':754,761,771,785,792,803,817,1482 'comment':719,1231 'commit':1019,1027,1051,1081,1083,1092 'compact':760,778 'concern':154 'concret':1232 'concurr':540 'config':359 'confirm':136,268 'contain':25,340,518,1397 'containerfil':335 'content':301 'context':855,1424 'contour':389 'control':78,470 'cost':1267 'cover':60,435 'crds':632,645 'criteria':1449 'd':181,776,891,898,1004,1390 'daemonset':516 'date':887,888,896,906,907,1000 'datetim':999,1076 'default':187,242,493,497,508,770,1199 'default-deni':507 'default-off':496 'default-on':492 'defer':92 'deni':509 'deploy':515,529,873 'deploy/k8s':222 'deprec':753 'descript':1095,1259,1274,1279,1335,1343 'detail':1413 'detect':297 'diff':151,174,179,200,1045,1245 'diff-bas':1044 'diff-filt':178 'dir':257,893,900,903,914,934,986 'direct':274 'directori':219,339,884,1388 'discern':440 'display':1168 'dockerfil':20,65,332,334,337,608,610,611,802,1291 'document':996 'domain':1457 'domain-specif':1456 'dynam':366 'e.g':220,856 'east':39,83,397,481,642 'east-west':38,82,396,480,641 'edg':75 'effort':1255,1280,1367 'emissary/ambassador':384 'empti':1161 'entri':463 'envoy':29,73,357,458,468,628 'envoy.yaml':360 'estim':1281,1368 'etc':127,1319 'evalu':1322,1401,1410 'everi':1133 'evid':1477 'exclud':1467 'exist':721,1357,1435 'expect':870 'explan':1338 'explicit':213 'explor':135,283 'exposur':72 'extens':299 'fetch':702 'fi':910 'file':146,159,168,186,208,225,229,241,250,279,294,295,343,361,577,664,709,1205,1212,1284,1309,1313,1469 'file-anchor':1211 'file-level':1204 'filenam':333 'filter':180,205,235,369 'find':54,525,706,724,728,853,952,1096,1139,1195,1207,1227,1249,1253,1301,1306,1330,1383,1404,1473 'fix':971,1233,1336,1341 'fixm':716,1282,1311 'flag':114 'fluxcd':330 'follow':1228,1326,1380 'follow-up':1325,1379 'format':759,769 'fourth':1192 'framework':1414 'full':141,232,1028,1084 'gateway':27,31,71,76,79,353,379,465,471,624,630,634,1293 'gateway.networking.k8s.io':377 'gateway.networking.k8s.io/*':376 'get':184,1209 'getambassador.io':382 'getambassador.io/*':381 'gh':198,1121 'git':173,1008,1010,1018,1020,1026,1029,1034,1036,1052,1078,1080,1082,1086 'github':1108,1355 'github.com':1156 'github.com/.../pull/n/files#diff-':1155 'go':125 'goe':1183 'grep':1480 'guidelin':1348 'h':908,1005 'h1':1071 'hack':717 'hadolint':805,807 'head':182,1017,1025,1033 'header':921,925,944,981,1059 'helm':22,66,338,616,619,808,819,821,823,830,1292 'help':1370 'high':1454 'host':437 'iac':13 'iam':103 'ident':1179 'idiom':752 'imag':519 'impact':1254,1263,1278 'implement':1372 'in-repo':711 'in-scop':574,661 'includ':226,322,1366 'individu':224 'infra':228,240,552 'infrastructur':3,11,43,47,207,727,1248,1460 'infrastructure-as-cod':46 'infrastructure-review.md':1398 'ingress':30,77,392,469,633 'ingress/egress':450 'inject':425,647 'inlin':115 'input':841 'insid':1137,1223 'inspect':308 'instal':700 'instead':204 'integr':1420 'interpret':556,852 'investig':285,533,538,745 'invok':244,734 'issu':1317 'istio':37,88,424,457,489 'istio-inject':423 'item':1452,1459 'job':868 'jobs/cronjobs':517 'json':1124 'jwt':479 'k8s':120,391,445,601,1258,1290 'key':108,321 'kind':320 'kms':107 'kube':795,799,833,859 'kube-lint':794,798,832,858 'kubeconform':787,789,825 'kubernet':17,63,315,599,603,779 'kustom':325,331 'l':1189 'larg':1271 'launch':532,537,579 'level':58,1206 'line':1135,1154,1163,1172,1221,1285,1310,1314,1479 'link':1097,1145,1176,1186,1214 'linkerd':36,87,456,488 'linkerd.io':415,420 'linkerd.io/*':414 'linkerd.io/inject':419 'linkerd/istio':644 'lint':784,801,813,822,835 'linter':796,800,834,860 'list':160,251,280,506 'listen':368 'live':344 'log':1037 'look':1178 'ls':1389 'm':890,909,1003,1006 'main':189 'manifest':18,64,316,324,372,400,816,1360 'markdown':1073,1144,1250,1329 'match':375,403,563,668,1468,1487 'materi':106 'may':217 'md':1068 'medium':1463 'mesh':34,86,395,453,485,640,650,1294 'met':584 'metadata':917,920,924,943,980 'miss':688 'mkdir':911 'mode':500,1100 'model':438,545,550 'moder':1270 'modul':1358 'mtls':478,491 'must':657,851,1474 'name':176,202 'name-on':175,201 'namespac':449 'namespaces/workloads':417 'near':984 'nearbi':708 'need':554 'networking.istio.io':405 'networking.istio.io/*':404 'new':1300,1364 'nit':1237 'no-color':766 'no-readiness-prob':861 'node':363 'none':459,490 'north':69,355,461,626 'north-south':68,354,460,625 'note':962 'number':196 'omit':1202 'one':954,1131,1365 'opentofu':62,304,589 'option':1234 'orchestr':263,1433 'order':972 'organ':1351 'output':742,839,883,938,995,1067,1246,1481 'overview':429,568,947 'p':912 'p0':1257 'p1':1272 'parallel':536 'pars':1013,1023,1032,1055 'pass':275,1188 'path':683,1134,1153,1162,1171,1220,1478 'paths/modules':144,214 'pattern':562,1361,1466,1486 'pattern-match':561,1485 'per':547,956,1489 'place':1061 'plain':1164,1174 'plaintext':116 'pod':95 'point':451,464 'polici':104 'policy.linkerd.io':411 'policy.linkerd.io/*':410 'postur':484 'pr':148,169,195,199,259,1099,1109,1110,1122,1148,1150,1159 'practic':783 'prais':1241 'precondit':582,586 'prefix':1239 'prepend':928,989 'present':878,973 'prestop':98 'pretti':1039 'prior':1403 'priorit':53,1371 'prioriti':1251 'probe':864,1476 'produc':51,430 'projectcontour.io':387 'projectcontour.io/*':386 'proto':126 'provid':272,309,443,1113,1427 'q':1126 'quiet':777 'r':1158,1201 'raw':323 're':812,1321,1400,1409 're-evalu':1320,1399,1408 're-lint':811 'read':290,658 'readi':863 'readm':1315 'readme.md':710 'receiv':249,565 'recent':1386 'recommend':970,1363 'record':689 'ref':255,1016,1049,1058,1090 'refer':59,193,1136,1222,1262,1277,1318 'referenc':362 'reference.md':597,598,606,607,614,615,622,623,637,638,653,654,671,672,1417,1418 'registri':522 'relationship':558 'relev':571 'reliabl':102 'remov':1197 'render':809,815,930,991 'repo':238,713 'report':693,975 'repositori':1438 'request':166 'requir':312 'resolut':987 'resolv':155,277,880 'resourc':365,367,393,557 'restat':1243 'result':879,1483 'return':723,1130 'rev':1012,1022,1031,1054 'rev-pars':1011,1021,1030,1053 'review':2,12,14,16,19,21,24,26,28,35,42,44,50,101,111,129,247,256,844,847,882,886,892,894,895,899,902,904,905,913,933,985,1103,1328,1382,1387,1391,1431,1448,1471 'review-al':246,1430 'review-cod':128 'review-infrastructur':1 'review-reli':100 'review-secur':110 'review.md':1419,1423 'risk':1236 'root':1439 'rout':551 'rule':1445 'run':172,673,731,916,919,923,942,966,979,998,1074,1075,1119,1441 'run-metadata-head':922 'runbook':714 'schema':780 'scope':91,133,137,156,267,278,293,576,663,1042,1093,1094,1105,1472 'search':707,1349 'secret':105,117 'section':955,1425,1461 'secur':112,1266 'security.istio.io':408 'security.istio.io/*':407 'see':210,918,1416 'servic':33,85,394,452,639,649 'set':513,1152 'sever':1455,1464 'sh':749,885,997,1146 'shape':448 'short':1024,1056 'shutdown':96 'sibl':94 'sigterm':97 'skill' 'skill-review-infrastructure' 'skip':264,968,1465 'small':1269 'sniff':302 'sonnet':546 'sort':1394 'sourc':123,520 'source-paultyng' 'sourcegraph':1354 'south':70,356,462,627 'spec':329 'specif':143,153,1458 'specifi':218 'standalon':1120,1442 'standard':390 'state':512 'static':364,675,732 'status':1331 'stay':1170 'step':949 'still':1344 'strict':790,826 'structur':45,939 'subag':286,534,539,549,580,585,656,746,850,957 'subagent-model-rout':548 'subject':1035,1085,1087 'subset':572 'summari':434,791,827 'suppli':665 'surfac':958,1252,1286 'suspicion':1488 'syntax':751 'system':428,567 'tabl':953,1140,1177,1323,1411 'tail':1395 'target':1187 'task':543 'templat':342,346,729,824,831,1060,1247 'termin':476 'terminationgraceperiodsecond':99 'terraform':15,61,221,303,311,588,594,750,1273,1289 'ters':1230 'terse-com':1229 'text':1165,1169 'tf':119,305,442,591 'tflint':756,758 'tfsec':763,765 'tfvar':307,593 'titl':1072 'tls':477 'todo':715,1307 'tofu':306,592 'tool':544,695,736,838,960 'top':1064 'topic-agent-skills' 'topic-ai-tools' 'topic-claude-code' 'topic-cursor' 'topic-dotfiles' 'topolog':433,530,946 'track':722,1225,1256,1295 'traffic':41,483 'treat':1443 'triag':748 'trivial':1268 'type':209 'u':1001 'unchang':1166 'unsur':1238 'url':260,1111,1125,1127,1149,1151,1160,1182 'usag':109 'use':4,197,270,455,467,487,541,725,1298 'user':7,140,165,192,216,978,1375 'utc':1007 'v':755,762,772,786,793,804,818 'valu':273,347,351,1288,1297 'values.yaml':349 'version':313 'view':1123 'vs':514,967 'walk':236 'warn':865 'west':40,84,398,482,643 'whose':373,401,581 'workflow':131 'workload':510 'wrap':1098,1132,1218 'write':936 'xxx':718 'y':889,1002 'yaml':317,352,371,399,602","prices":[{"id":"15289ba5-0923-4423-9540-670379e396ec","listingId":"92edf447-0121-4291-b3ca-dcb1647e4277","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"paultyng","category":"skill-issue","install_from":"skills.sh"},"createdAt":"2026-05-18T13:21:27.472Z"}],"sources":[{"listingId":"92edf447-0121-4291-b3ca-dcb1647e4277","source":"github","sourceId":"paultyng/skill-issue/review-infrastructure","sourceUrl":"https://github.com/paultyng/skill-issue/tree/main/skills/review-infrastructure","isPrimary":false,"firstSeenAt":"2026-05-18T13:21:27.472Z","lastSeenAt":"2026-05-18T19:09:02.079Z"}],"details":{"listingId":"92edf447-0121-4291-b3ca-dcb1647e4277","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"paultyng","slug":"review-infrastructure","github":{"repo":"paultyng/skill-issue","stars":8,"topics":["agent-skills","ai-tools","claude-code","cursor","dotfiles"],"license":"mit","html_url":"https://github.com/paultyng/skill-issue","pushed_at":"2026-05-18T18:26:54Z","description":"Personal Claude Code / Cursor agent skills, rules, and config","skill_md_sha":"0e58397b5344be8294a2a2d95603fd7bdeaa15c1","skill_md_path":"skills/review-infrastructure/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/paultyng/skill-issue/tree/main/skills/review-infrastructure"},"layout":"multi","source":"github","category":"skill-issue","frontmatter":{"name":"review-infrastructure","description":"Use when the user asks for an infrastructure review, IaC review, Terraform review, Kubernetes manifest review, Dockerfile review, Helm chart review, container review, gateway review (Envoy / Ingress / Gateway API), service mesh review (Linkerd / Istio), east-west traffic review, north-south traffic review, mesh authorization review, or \"review the infra / IaC / manifests / Dockerfile / helm chart / gateway / mesh config\"."},"skills_sh_url":"https://skills.sh/paultyng/skill-issue/review-infrastructure"},"updatedAt":"2026-05-18T19:09:02.079Z"}}