{"id":"b216a8ff-35f9-4e91-998f-a567a99a3357","shortId":"BzzRYr","kind":"skill","title":"gitops-repo-audit","tagline":"Audit and validate Flux CD GitOps repositories by scanning local repo files (not live clusters) — runs Kubernetes schema validation, detects deprecated Flux APIs, reviews RBAC/multi-tenancy/secrets management, and produces a prioritized GitOps report. Use when users ask to audit,","description":"# GitOps Repository Auditor\n\nYou are a GitOps repository auditor specialized in Flux CD. Your job is to examine\nGitOps repositories, identify issues, validate manifests, audit security posture,\nand provide actionable recommendations for improvement.\n\nWhen auditing a repository, follow the workflow below. Adapt the depth based on\nwhat the user asks for — a targeted question (\"are my HelmReleases configured\ncorrectly?\") doesn't need the full workflow; a broad request (\"audit this repo\")\ndoes.\n\n## Analysis Workflow\n\n### Phase 1: Discovery\n\nUnderstand the repository before diving into specifics.\n\n1. Run the bundled discovery script to get a Kubernetes resource inventory:\n   ```bash\n   scripts/discover.sh -d <repo-root>\n   ```\n   The script scans all YAML files (including multi-document files) and outputs resource counts by kind and by directory.\n2. Classify the repository pattern by reading [repo-patterns.md](references/repo-patterns.md) and matching against the heuristics table\n3. Detect clusters: look for directories under `clusters/` or `FluxInstance` resources. Read the FluxInstance to understand how the clusters are configured.\n4. Check for `gotk-sync.yaml` under `flux-system/` — its presence indicates `flux bootstrap` was used. Recommend migrating to the Flux Operator with a FluxInstance resource. Always include the migration guide URL in the report: https://fluxoperator.dev/docs/guides/migration/\n\n### Phase 2: Manifest Validation\n\nRun the bundled validation script to check YAML syntax, Kubernetes schemas, and Kustomize builds.\n\n```bash\nscripts/validate.sh -d <repo-root>\n```\n\nUse `-e <dir>` to exclude additional directories from validation.\n\n### Phase 3: API Compliance\n\nCheck for deprecated Flux API versions.\n\n1. Run the bundled check script:\n   ```\n   scripts/check-deprecated.sh -d <repo-root>\n   ```\n   The script runs `flux migrate -f . --dry-run` and outputs exact file paths,\n   line numbers, resource kinds, and the required version migration for each\n   deprecated API found. Exit code 1 means deprecated APIs were found.\n   \n2. If deprecated APIs are found, read [api-migration.md](references/api-migration.md) for the\n   migration procedure and include the steps in the report.\n\n### Phase 4: Best Practices Assessment\n\nRead [best-practices.md](references/best-practices.md) in full, do not summarize. Assess the repository\nagainst each applicable category. Not every checklist item applies to every repo \n— use judgment based on the repo's pattern, size, and maturity.\n\nFocus on the categories most relevant to what you found in discovery:\n- Monorepo? Check structure, ArtifactGenerator usage, dependency chains\n- Multi-repo fleet? Check RBAC, multi-tenancy, service accounts\n- Has HelmReleases? Check remediation, drift detection, versioning\n- Has valuesFrom or substituteFrom? Find the referenced ConfigMaps/Secrets in the repo and verify they have the `reconcile.fluxcd.io/watch: \"Enabled\"` label — without it, changes to those resources won't trigger reconciliation until the next interval\n- Has image automation? Check ImagePolicy semver ranges, update paths\n\nAlso check for **consistency** across similar resources. For example, if some\nHelmReleases use the modern `install.strategy` pattern while others use legacy\n`install.remediation.retries`, flag the inconsistency and recommend aligning\non the modern pattern.\n\n**Before recommending any YAML changes**, read the relevant OpenAPI schema from\n`assets/schemas/` to verify the exact field names and nesting.\nSchema files follow the naming convention `{kind}-{group}-{version}.json`\n(e.g., `helmrelease-helm-v2.json`, `kustomization-kustomize-v1.json`).\nDo not guess YAML structure from the checklist summaries.\n\n### Phase 5: Security Review\n\nRead [security-audit.md](references/security-audit.md) in full. Audit the repository against each\napplicable category. Use the scanning procedures at the end of the checklist to\nfind common issues.\n\nFocus on the categories most relevant to what you found in discovery:\n- Has Secrets? Check secrets management (SOPS, External Secrets)\n- Has private sources? Check source authentication and Workload Identity\n- Has OCI sources? Check supply chain security (Cosign verification, immutable tags)\n- Multi-tenant? Check RBAC, service accounts, cross-namespace refs, admission policies\n- Has FluxInstance? Check operator security settings (multitenant, network policies)\n- Has image automation? Check push credential separation and branch isolation\n\n### Phase 6: Report\n\nStructure findings as a markdown report with these sections if applicable:\n\n1. **Summary** — repo name, repo URL, classification (pattern name), clusters, Flux/K8s resource counts, overall status\n2. **Directory Structure** — repo layout and how directories map to clusters/environments\n3. **Validation Results** — if any errors where found\n4. **API Compliance** — if deprecated API are found include migration steps\n5. **Best Practices** — assessment against the checklist, with specific findings\n6. **Security** — secrets, RBAC, network policies, multi-tenancy\n7. **Recommendations** — prioritized by severity: **Critical**, **Warning**, **Info**\n\n## Flux CRD Reference\n\nUse this table to check API versions and read the OpenAPI schema before recommending YAML changes.\n\n| Controller | Kind | apiVersion | OpenAPI Schema |\n|---|---|---|---|\n| flux-operator | FluxInstance | `fluxcd.controlplane.io/v1` | [fluxinstance-fluxcd-v1.json](assets/schemas/fluxinstance-fluxcd-v1.json) |\n| flux-operator | FluxReport | `fluxcd.controlplane.io/v1` | [fluxreport-fluxcd-v1.json](assets/schemas/fluxreport-fluxcd-v1.json) |\n| flux-operator | ResourceSet | `fluxcd.controlplane.io/v1` | [resourceset-fluxcd-v1.json](assets/schemas/resourceset-fluxcd-v1.json) |\n| flux-operator | ResourceSetInputProvider | `fluxcd.controlplane.io/v1` | [resourcesetinputprovider-fluxcd-v1.json](assets/schemas/resourcesetinputprovider-fluxcd-v1.json) |\n| source-controller | GitRepository | `source.toolkit.fluxcd.io/v1` | [gitrepository-source-v1.json](assets/schemas/gitrepository-source-v1.json) |\n| source-controller | OCIRepository | `source.toolkit.fluxcd.io/v1` | [ocirepository-source-v1.json](assets/schemas/ocirepository-source-v1.json) |\n| source-controller | Bucket | `source.toolkit.fluxcd.io/v1` | [bucket-source-v1.json](assets/schemas/bucket-source-v1.json) |\n| source-controller | HelmRepository | `source.toolkit.fluxcd.io/v1` | [helmrepository-source-v1.json](assets/schemas/helmrepository-source-v1.json) |\n| source-controller | HelmChart | `source.toolkit.fluxcd.io/v1` | [helmchart-source-v1.json](assets/schemas/helmchart-source-v1.json) |\n| source-controller | ExternalArtifact | `source.toolkit.fluxcd.io/v1` | [externalartifact-source-v1.json](assets/schemas/externalartifact-source-v1.json) |\n| source-watcher | ArtifactGenerator | `source.extensions.fluxcd.io/v1beta1` | [artifactgenerator-source-v1beta1.json](assets/schemas/artifactgenerator-source-v1beta1.json) |\n| kustomize-controller | Kustomization | `kustomize.toolkit.fluxcd.io/v1` | [kustomization-kustomize-v1.json](assets/schemas/kustomization-kustomize-v1.json) |\n| helm-controller | HelmRelease | `helm.toolkit.fluxcd.io/v2` | [helmrelease-helm-v2.json](assets/schemas/helmrelease-helm-v2.json) |\n| notification-controller | Provider | `notification.toolkit.fluxcd.io/v1beta3` | [provider-notification-v1beta3.json](assets/schemas/provider-notification-v1beta3.json) |\n| notification-controller | Alert | `notification.toolkit.fluxcd.io/v1beta3` | [alert-notification-v1beta3.json](assets/schemas/alert-notification-v1beta3.json) |\n| notification-controller | Receiver | `notification.toolkit.fluxcd.io/v1` | [receiver-notification-v1.json](assets/schemas/receiver-notification-v1.json) |\n| image-reflector-controller | ImageRepository | `image.toolkit.fluxcd.io/v1` | [imagerepository-image-v1.json](assets/schemas/imagerepository-image-v1.json) |\n| image-reflector-controller | ImagePolicy | `image.toolkit.fluxcd.io/v1` | [imagepolicy-image-v1.json](assets/schemas/imagepolicy-image-v1.json) |\n| image-automation-controller | ImageUpdateAutomation | `image.toolkit.fluxcd.io/v1` | [imageupdateautomation-image-v1.json](assets/schemas/imageupdateautomation-image-v1.json) |\n\n## Loading References\n\nLoad reference files when you need deeper information:\n\n- **[repo-patterns.md](references/repo-patterns.md)** — When classifying the repository layout or explaining a pattern to the user\n- **[flux-api-summary.md](references/flux-api-summary.md)** — When checking Flux CRD field usage (sources, appliers, notifications, image automation)\n- **[flux-operator-api-summary.md](references/flux-operator-api-summary.md)** — When checking Flux Operator CRDs (FluxInstance, FluxReport, ResourceSet, ResourceSetInputProvider)\n- **[best-practices.md](references/best-practices.md)** — When assessing operational practices or generating the best practices section of the report\n- **[security-audit.md](references/security-audit.md)** — When performing the security review phase, audit against the full checklist and use the scanning procedures\n- **[api-migration.md](references/api-migration.md)** — When deprecated APIs are found, include the migration steps in the report\n\n## Edge Cases\n\n- **Not a Flux repo**: If no Flux CRDs are found, say so clearly. The repo might use ArgoCD, plain kubectl, or another tool. Don't force-fit Flux analysis.\n- **Mixed tooling**: Some repos combine Flux with CI workflows and Terraform. Analyze the Flux parts and note the other tools.\n- **SOPS-encrypted secrets**: Files with `sops:` metadata blocks are encrypted — don't flag them as malformed YAML. The validation script already skips Secrets.\n- **Generated manifests**: The `flux-system/gotk-components.yaml` is auto-generated by Flux bootstrap. Don't analyze it for best practices — it's managed by Flux itself.\n- **Repos without kustomization.yaml**: Some repos use plain YAML directories without Kustomize. Flux can reconcile these directly. Don't flag the absence of kustomization.yaml as an error.\n- **Multi-repo analysis**: When asked to analyze multiple related repos (fleet + infra + apps), analyze each independently but note the cross-repo relationships (GitRepository/OCIRepository references between repos).\n- **postBuild substitution variables**: Files with `${VARIABLE}` patterns are using Flux's variable substitution. Don't flag these as broken YAML — they're resolved at reconciliation time.\n- **Third-party CRDs**: Resources like cert-manager's `ClusterIssuer` or Kyverno's `ClusterPolicy` will show as \"skipped\" in kubeconform (missing schemas). This is expected — only Flux CRD schemas are downloaded. Don't flag these as validation failures.\n- **Kustomize build files**: `kustomization.yaml` files with `apiVersion: kustomize.config.k8s.io/v1beta1` are Kustomize build configs, not Flux CRDs.","tags":["gitops","repo","audit","agent","skills","fluxcd","agent-skills","ai-agents"],"capabilities":["skill","source-fluxcd","skill-gitops-repo-audit","topic-agent-skills","topic-ai-agents","topic-fluxcd","topic-gitops","topic-skills"],"categories":["agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/fluxcd/agent-skills/gitops-repo-audit","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add fluxcd/agent-skills","source_repo":"https://github.com/fluxcd/agent-skills","install_from":"skills.sh"}},"qualityScore":"0.505","qualityRationale":"deterministic score 0.51 from registry signals: · indexed on github topic:agent-skills · 111 github stars · SKILL.md body (10,862 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T00:55:22.640Z","embedding":null,"createdAt":"2026-04-18T22:11:03.794Z","updatedAt":"2026-04-22T00:55:22.640Z","lastSeenAt":"2026-04-22T00:55:22.640Z","tsv":"'/docs/guides/migration/':234 '/gotk-components.yaml':1095 '/v1':750,759,768,777,786,795,804,813,822,831,849,885,895,905,915 '/v1beta1':840,1244 '/v1beta3':867,876 '/v2':858 '/watch:':432 '1':118,127,274,312,648 '2':162,236,318,663 '3':177,265,674 '4':198,339,682 '5':533,693 '6':635,703 '7':712 'absenc':1136 'account':406,608 'across':462 'action':72 'adapt':84 'addit':260 'admiss':613 'alert':873 'alert-notification-v1beta3.json':877 'align':485 'alreadi':1086 'also':458 'alway':223 'analysi':115,1044,1145 'analyz':1056,1105,1149,1156 'anoth':1036 'api':27,266,272,308,315,321,683,687,728,1003 'api-migration.md':325,999 'apivers':741,1241 'app':1155 'appli':362 'applic':356,546,647 'applier':951 'argocd':1032 'artifactgener':392,837 'artifactgenerator-source-v1beta1.json':841 'ask':40,92,1147 'assess':342,351,696,969 'assets/schemas':501 'assets/schemas/alert-notification-v1beta3.json':878 'assets/schemas/artifactgenerator-source-v1beta1.json':842 'assets/schemas/bucket-source-v1.json':806 'assets/schemas/externalartifact-source-v1.json':833 'assets/schemas/fluxinstance-fluxcd-v1.json':752 'assets/schemas/fluxreport-fluxcd-v1.json':761 'assets/schemas/gitrepository-source-v1.json':788 'assets/schemas/helmchart-source-v1.json':824 'assets/schemas/helmrelease-helm-v2.json':860 'assets/schemas/helmrepository-source-v1.json':815 'assets/schemas/imagepolicy-image-v1.json':907 'assets/schemas/imagerepository-image-v1.json':897 'assets/schemas/imageupdateautomation-image-v1.json':917 'assets/schemas/kustomization-kustomize-v1.json':851 'assets/schemas/ocirepository-source-v1.json':797 'assets/schemas/provider-notification-v1beta3.json':869 'assets/schemas/receiver-notification-v1.json':887 'assets/schemas/resourceset-fluxcd-v1.json':770 'assets/schemas/resourcesetinputprovider-fluxcd-v1.json':779 'audit':4,5,42,67,77,111,541,989 'auditor':45,51 'authent':587 'auto':1098 'auto-gener':1097 'autom':451,626,910,954 'base':87,368 'bash':139,253 'best':340,694,975,1108 'best-practices.md':344,966 'block':1073 'bootstrap':210,1102 'branch':632 'broad':109 'broken':1188 'bucket':801 'bucket-source-v1.json':805 'build':252,1236,1247 'bundl':130,241,277 'case':1014 'categori':357,380,547,565 'cd':9,55 'cert':1203 'cert-manag':1202 'chain':395,596 'chang':437,494,738 'check':199,245,268,278,390,400,409,452,459,576,585,594,605,617,627,727,945,958 'checklist':360,530,557,699,993 'ci':1052 'classif':654 'classifi':163,931 'clear':1027 'cluster':19,179,184,195,657 'clusterissu':1206 'clusterpolici':1210 'clusters/environments':673 'code':311 'combin':1049 'common':560 'complianc':267,684 'config':1248 'configmaps/secrets':421 'configur':100,197 'consist':461 'control':739,782,791,800,809,818,827,845,854,863,872,881,891,901,911 'convent':515 'correct':101 'cosign':598 'count':156,660 'crd':721,947,1224 'crds':961,1022,1199,1251 'credenti':629 'critic':717 'cross':610,1163 'cross-namespac':609 'cross-repo':1162 'd':141,255,281 'deeper':926 'depend':394 'deprec':25,270,307,314,320,686,1002 'depth':86 'detect':24,178,412 'direct':1131 'directori':161,182,261,664,670,1124 'discoveri':119,131,388,573 'dive':124 'document':151 'doesn':102 'download':1227 'dri':289 'drift':411 'dry-run':288 'e':257 'e.g':520 'edg':1013 'enabl':433 'encrypt':1067,1075 'end':554 'error':679,1141 'everi':359,364 'exact':293,505 'examin':60 'exampl':466 'exclud':259 'exit':310 'expect':1221 'explain':936 'extern':580 'externalartifact':828 'externalartifact-source-v1.json':832 'f':287 'failur':1234 'field':506,948 'file':16,147,152,294,511,922,1069,1173,1237,1239 'find':418,559,638,702 'fit':1042 'flag':480,1078,1134,1185,1230 'fleet':399,1153 'flux':8,26,54,204,209,217,271,285,720,745,754,763,772,946,959,1017,1021,1043,1050,1058,1093,1101,1114,1127,1179,1223,1250 'flux-api-summary.md':942 'flux-oper':744,753,762,771 'flux-operator-api-summary.md':955 'flux-system':203,1092 'flux/k8s':658 'fluxcd.controlplane.io':749,758,767,776 'fluxcd.controlplane.io/v1':748,757,766,775 'fluxinst':186,190,221,616,747,962 'fluxinstance-fluxcd-v1.json':751 'fluxoperator.dev':233 'fluxoperator.dev/docs/guides/migration/':232 'fluxreport':756,963 'fluxreport-fluxcd-v1.json':760 'focus':377,562 'follow':80,512 'forc':1041 'force-fit':1040 'found':309,317,323,386,571,681,689,1005,1024 'full':106,347,540,992 'generat':973,1089,1099 'get':134 'gitop':2,10,35,43,49,61 'gitops-repo-audit':1 'gitrepositori':783 'gitrepository-source-v1.json':787 'gitrepository/ocirepository':1166 'gotk-sync.yaml':201 'group':517 'guess':525 'guid':227 'helm':853 'helm-control':852 'helm.toolkit.fluxcd.io':857 'helm.toolkit.fluxcd.io/v2':856 'helmchart':819 'helmchart-source-v1.json':823 'helmreleas':99,408,469,855 'helmrelease-helm-v2.json':521,859 'helmrepositori':810 'helmrepository-source-v1.json':814 'heurist':175 'ident':590 'identifi':63 'imag':450,625,889,899,909,953 'image-automation-control':908 'image-reflector-control':888,898 'image.toolkit.fluxcd.io':894,904,914 'image.toolkit.fluxcd.io/v1':893,903,913 'imagepolici':453,902 'imagepolicy-image-v1.json':906 'imagerepositori':892 'imagerepository-image-v1.json':896 'imageupdateautom':912 'imageupdateautomation-image-v1.json':916 'immut':600 'improv':75 'includ':148,224,332,690,1006 'inconsist':482 'independ':1158 'indic':208 'info':719 'inform':927 'infra':1154 'install.remediation.retries':479 'install.strategy':473 'interv':448 'inventori':138 'isol':633 'issu':64,561 'item':361 'job':57 'json':519 'judgment':367 'kind':158,299,516,740 'kubeconform':1216 'kubectl':1034 'kubernet':21,136,248 'kustom':251,844,846,1126,1235,1246 'kustomization-kustomize-v1.json':522,850 'kustomization.yaml':1118,1138,1238 'kustomize-control':843 'kustomize.config.k8s.io':1243 'kustomize.config.k8s.io/v1beta1':1242 'kustomize.toolkit.fluxcd.io':848 'kustomize.toolkit.fluxcd.io/v1':847 'kyverno':1208 'label':434 'layout':667,934 'legaci':478 'like':1201 'line':296 'live':18 'load':918,920 'local':14 'look':180 'malform':1081 'manag':30,578,1112,1204 'manifest':66,237,1090 'map':671 'markdown':641 'match':172 'matur':376 'mean':313 'metadata':1072 'might':1030 'migrat':214,226,286,304,329,691,1008 'miss':1217 'mix':1045 'modern':472,488 'monorepo':389 'multi':150,397,403,603,710,1143 'multi-docu':149 'multi-repo':396,1142 'multi-ten':402,602,709 'multipl':1150 'multiten':621 'name':507,514,651,656 'namespac':611 'need':104,925 'nest':509 'network':622,707 'next':447 'note':1061,1160 'notif':862,871,880,952 'notification-control':861,870,879 'notification.toolkit.fluxcd.io':866,875,884 'notification.toolkit.fluxcd.io/v1':883 'notification.toolkit.fluxcd.io/v1beta3':865,874 'number':297 'oci':592 'ocirepositori':792 'ocirepository-source-v1.json':796 'openapi':498,733,742 'oper':218,618,746,755,764,773,960,970 'other':476 'output':154,292 'overal':661 'part':1059 'parti':1198 'path':295,457 'pattern':166,373,474,489,655,938,1176 'perform':984 'phase':117,235,264,338,532,634,988 'plain':1033,1122 'polici':614,623,708 'postbuild':1170 'postur':69 'practic':341,695,971,976,1109 'presenc':207 'priorit':34,714 'privat':583 'procedur':330,551,998 'produc':32 'provid':71,864 'provider-notification-v1beta3.json':868 'push':628 'question':96 'rang':455 'rbac':401,606,706 'rbac/multi-tenancy/secrets':29 're':1191 'read':168,188,324,343,495,536,731 'receiv':882 'receiver-notification-v1.json':886 'recommend':73,213,484,491,713,736 'reconcil':1129 'reconcile.fluxcd.io':431 'reconcile.fluxcd.io/watch:':430 'reconcili':444,1194 'ref':612 'refer':722,919,921,1167 'referenc':420 'references/api-migration.md':326,1000 'references/best-practices.md':345,967 'references/flux-api-summary.md':943 'references/flux-operator-api-summary.md':956 'references/repo-patterns.md':170,929 'references/security-audit.md':538,982 'reflector':890,900 'relat':1151 'relationship':1165 'relev':382,497,567 'remedi':410 'repo':3,15,113,365,371,398,424,650,652,666,1018,1029,1048,1116,1120,1144,1152,1164,1169 'repo-patterns.md':169,928 'report':36,231,337,636,642,980,1012 'repositori':11,44,50,62,79,122,165,353,543,933 'request':110 'requir':302 'resolv':1192 'resourc':137,155,187,222,298,440,464,659,1200 'resourceset':765,964 'resourceset-fluxcd-v1.json':769 'resourcesetinputprovid':774,965 'resourcesetinputprovider-fluxcd-v1.json':778 'result':676 'review':28,535,987 'run':20,128,239,275,284,290 'say':1025 'scan':13,144,550,997 'schema':22,249,499,510,734,743,1218,1225 'script':132,143,243,279,283,1085 'scripts/check-deprecated.sh':280 'scripts/discover.sh':140 'scripts/validate.sh':254 'secret':575,577,581,705,1068,1088 'section':645,977 'secur':68,534,597,619,704,986 'security-audit.md':537,981 'semver':454 'separ':630 'servic':405,607 'set':620 'sever':716 'show':1212 'similar':463 'size':374 'skill' 'skill-gitops-repo-audit' 'skip':1087,1214 'sop':579,1066,1071 'sops-encrypt':1065 'sourc':584,586,593,781,790,799,808,817,826,835,950 'source-control':780,789,798,807,816,825 'source-fluxcd' 'source-watch':834 'source.extensions.fluxcd.io':839 'source.extensions.fluxcd.io/v1beta1':838 'source.toolkit.fluxcd.io':785,794,803,812,821,830 'source.toolkit.fluxcd.io/v1':784,793,802,811,820,829 'special':52 'specif':126,701 'status':662 'step':334,692,1009 'structur':391,527,637,665 'substitut':1171,1182 'substitutefrom':417 'summar':350 'summari':531,649 'suppli':595 'syntax':247 'system':205,1094 'tabl':176,725 'tag':601 'target':95 'tenanc':404,711 'tenant':604 'terraform':1055 'third':1197 'third-parti':1196 'time':1195 'tool':1037,1046,1064 'topic-agent-skills' 'topic-ai-agents' 'topic-fluxcd' 'topic-gitops' 'topic-skills' 'trigger':443 'understand':120,192 'updat':456 'url':228,653 'usag':393,949 'use':37,212,256,366,470,477,548,723,995,1031,1121,1178 'user':39,91,941 'valid':7,23,65,238,242,263,675,1084,1233 'valuesfrom':415 'variabl':1172,1175,1181 'verif':599 'verifi':426,503 'version':273,303,413,518,729 'warn':718 'watcher':836 'without':435,1117,1125 'won':441 'workflow':82,107,116,1053 'workload':589 'yaml':146,246,493,526,737,1082,1123,1189","prices":[{"id":"670e889c-e50e-4c34-84c8-3322886c0e6e","listingId":"b216a8ff-35f9-4e91-998f-a567a99a3357","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"fluxcd","category":"agent-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T22:11:03.794Z"}],"sources":[{"listingId":"b216a8ff-35f9-4e91-998f-a567a99a3357","source":"github","sourceId":"fluxcd/agent-skills/gitops-repo-audit","sourceUrl":"https://github.com/fluxcd/agent-skills/tree/main/skills/gitops-repo-audit","isPrimary":false,"firstSeenAt":"2026-04-18T22:11:03.794Z","lastSeenAt":"2026-04-22T00:55:22.640Z"}],"details":{"listingId":"b216a8ff-35f9-4e91-998f-a567a99a3357","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"fluxcd","slug":"gitops-repo-audit","github":{"repo":"fluxcd/agent-skills","stars":111,"topics":["agent-skills","ai-agents","fluxcd","gitops","skills"],"license":"apache-2.0","html_url":"https://github.com/fluxcd/agent-skills","pushed_at":"2026-04-22T00:35:26Z","description":"Skills to transform AI Agents into GitOps Engineers","skill_md_sha":"012bad37a7184b9001eeecbf30a68d2609e3ce92","skill_md_path":"skills/gitops-repo-audit/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/fluxcd/agent-skills/tree/main/skills/gitops-repo-audit"},"layout":"multi","source":"github","category":"agent-skills","frontmatter":{"name":"gitops-repo-audit","license":"Apache-2.0","description":"Audit and validate Flux CD GitOps repositories by scanning local repo files (not live clusters) — runs Kubernetes schema validation, detects deprecated Flux APIs, reviews RBAC/multi-tenancy/secrets management, and produces a prioritized GitOps report. Use when users ask to audit, analyze, validate, review, or security-check a GitOps repo.","compatibility":"Requires awk, git, kustomize, kubeconform, flux, yq"},"skills_sh_url":"https://skills.sh/fluxcd/agent-skills/gitops-repo-audit"},"updatedAt":"2026-04-22T00:55:22.640Z"}}