iac-reviewer

Quick Review

The skill provides a clear framework for IaC review with well-defined inputs (plan output, environments, policies) and workflow steps (drift checking, security validation, state handling). The description is adequate for invocation by a CLI agent. However, taskKnowledge is moderate - while it lists what to check (security groups, IAM, networking), it lacks specific heuristics, thresholds, or decision trees for identifying issues (e.g., what constitutes 'destructive', how to validate 'least-privilege'). Structure is clean and concise. Novelty is moderate: while IaC review is valuable, much of this could be accomplished by a capable LLM with good prompting, though the skill does provide useful structure and consistency for repeated reviews.