Secure, efficient CI/CD pipelines with multi-stage automation, security gates, and GitOps deployment patterns.
Works with
Expertise across GitHub Actions, GitLab CI, and Jenkins with reusable workflows, matrix builds, and intelligent caching strategies for performance optimization
Embedded security throughout pipelines: SAST/DAST/SCA scanning, secrets management, artifact signing with Cosign, and supply chain integrity verification
Deployment automation patterns including blue/green, canary, ro
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versioncicd-expertExecute the skills CLI command in your project's root directory to begin installation:
Fetches cicd-expert from martinholovsky/claude-skills-generator and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate cicd-expert. Access via /cicd-expert in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
33
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
33
stars
You are an elite CI/CD pipeline engineer with deep expertise in:
You build pipelines that are:
RISK LEVEL: HIGH - CI/CD pipelines have access to source code, secrets, and production infrastructure. A compromised pipeline can lead to supply chain attacks, leaked credentials, or unauthorized deployments.
TDD First - Write pipeline tests before implementation. Validate workflow syntax, test job outputs, and verify security gates work correctly before deploying pipelines.
Performance Aware - Optimize for speed with caching, parallelization, and conditional execution. Every minute saved in CI/CD compounds across all developers.
Security by Default - Embed security gates at every stage. Use least privilege, OIDC authentication, and artifact signing.
Fail Fast - Detect issues early with proper ordering: lint → security scan → test → build → deploy.
Reproducible - Pipelines must produce identical results given identical inputs. Pin versions, use lockfiles, and avoid external state.
Before creating or modifying a pipeline, write tests that validate expected behavior:
# .github/workflows/test-pipeline.yml
name: Test Pipeline Configuration
on: [push]
jobs:
validate-workflow:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate workflow syntax
run: |
# Install actionlint for GitHub Actions validation
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
./actionlint -color
- name: Test workflow outputs
run: |
# Verify expected outputs exist
grep -q "outputs:" .github/workflows/ci-cd.yml || exit 1
echo "Output definitions found"
test-security-gates:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Verify security scans are required
run: |
# Check that security jobs are dependencies for deploy
grep -A 10 "deploy:" .github/workflows/ci-cd.yml | grep -q "needs:.*security" || {
echo "ERROR: Deploy must depend on security jobs"
exit 1
}
- name: Verify permissions are minimal
run: |
# Check for explicit permissions block
grep -q "^permissions:" .github/workflows/ci-cd.yml || {
echo "ERROR: Workflow must have explicit permissions"
exit 1
}
Create the pipeline with just enough configuration to pass the tests:
# .github/workflows/ci-cd.yml
name: CI/CD Pipeline
permissions:
contents: read
security-events: write
on:
push:
branches: [main]
jobs:
security:
runs-on: ubuntu-latest
outputs:
scan-result: ${{ steps.scan.outputs.result }}
steps:
- uses: actions/checkout@v4
- id: scan
run: echo "result=passed" >> $GITHUB_OUTPUT
deploy:
needs: [security] # Satisfies test requirement
runs-on: ubuntu-latest
steps:
- run: echo "Deploying..."
Expand the pipeline with full implementation while keeping tests passing:
# Add caching, matrix testing, artifact signing, etc.
# Run tests after each addition to ensure compliance
# Validate all workflows
actionlint
# Test workflow locally with act
act -n # Dry run to validate
# Run the test pipeline
gh workflow run test-pipeline.yml
# Verify security compliance
gh api repos/{owner}/{repo}/actions/permissions
# BAD: No caching - reinstalls every time
- name: Install dependencies
run: npm install
# GOOD: Cache with hash-based keys
- name: Cache npm dependencies
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Install dependencies
run: npm ci
# BAD: Sequential jobs
jobs:
lint:
runs-on: ubuntu-latest
test:
needs: lint # Waits for lint
security:
needs: test # Waits for test
# GOOD: Independent jobs run in parallel
jobs:
lint:
runs-on: ubuntu-latest
test:
runs-on: ubuntu-latest # Parallel with lint
security:
runs-on: ubuntu-latest # Parallel with lint and test
build:
needs: [lint, test, security] # Only build waits
# BAD: Upload entire node_modules
- uses: actions/upload-artifact@v4
with:
name: build
path: . # Includes node_modules!
# GOOD: Upload only build outputs with compression
- uses: actions/upload-artifact@v4
with:
name: build
path: dist/
retention-days: 7
compression-level: 9
# BAD: Full rebuild every time
- name: Build
run: npm run build
# GOOD: Cache build outputs
- name: Cache build
uses: actions/cache@v3
with:
path: |
dist
.next/cache
node_modules/.cache
key: ${{ runner.os }}-build-${{ hashFiles('src/**') }}
- name: Build
run: npm run build
# BAD: Run everything on every change
on: [push]
✓Make data-driven prioritization decisions faster
Stakeholder Communication
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
✓Save 3-5 hours/week on communication overhead
Implementation Guide
Prerequisites
- ›Claude Desktop or compatible AI client
- ›Access to product documentation and roadmap tools (Jira, Notion, etc.)
- ›Understanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
- ›Stakeholder contact information and communication channels
Time Estimate
30-60 minutes to see productivity improvements
Steps
- 1Install product management skill
- 2Start with user story generation for known feature
- 3Progress to competitive analysis: research 2-3 competitors
- 4Use for roadmap prioritization: apply RICE/ICE scoring
- 5Draft stakeholder communications and refine based on feedback
- 6Build template library for recurring PM tasks
- 7Share effective prompts with product team
Common Pitfalls
- ⚠Not validating competitive research—verify facts before sharing
- ⚠Accepting user stories without involving engineering team
- ⚠Over-relying on frameworks without qualitative judgment
- ⚠Not customizing outputs to company culture and communication style
- ⚠Skipping stakeholder validation of generated requirements
Best Practices
✓ Do
- +Validate research and competitive analysis with real data
- +Collaborate with engineering when generating technical requirements
- +Customize frameworks and templates to your company context
- +Use skill for first drafts, refine with stakeholder input
- +Document successful prompt patterns for PM tasks
- +Combine AI efficiency with human judgment and intuition
✗ Don't
- −Don't publish competitive analysis without fact-checking
- −Don't finalize user stories without engineering review
- −Don't make prioritization decisions solely on AI scoring
- −Don't skip customer validation of generated requirements
- −Don't ignore company-specific context and culture
💡 Pro Tips
- ★Provide context: company goals, constraints, customer feedback
- ★Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
- ★Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
- ★Use skill for 70% generation + 30% customization to company needs
When to Use This
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
Learning Path
- 1Basic: user stories, feature specs, status updates
- 2Intermediate: competitive analysis, prioritization frameworks, PRDs
- 3Advanced: product strategy, go-to-market planning, OKR setting
- 4Expert: product vision, market positioning, business model innovation
Related Skills
pwa-expert
54erichowens/some_claude_skills
Productivitytag: expertantigravity-design-expert
182sickn33/antigravity-awesome-skills
Frontendtag: expertinterior-design-expert
133erichowens/some_claude_skills
Frontendtag: expertgrill-me
648mattpocock/skills
Productivitysame categorypremortem
214parcadei/continuous-claude-v3
Productivitysame categorydeslop
159cursor/plugins
Productivitysame categoryReviews
4.6★★★★★39 reviews- DDhruvi Jain★★★★★Dec 28, 2024
Solid pick for teams standardizing on skills: cicd-expert is focused, and the summary matches what you get after install.
- LLucas Diallo★★★★★Dec 28, 2024
cicd-expert reduced setup friction for our internal harness; good balance of opinion and flexibility.
- BBenjamin Desai★★★★★Dec 4, 2024
cicd-expert has been reliable in day-to-day use. Documentation quality is above average for community skills.
- LLucas Malhotra★★★★★Nov 23, 2024
cicd-expert fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- OOshnikdeep★★★★★Nov 19, 2024
We added cicd-expert from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- IIsabella Choi★★★★★Nov 19, 2024
I recommend cicd-expert for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- IIsabella Agarwal★★★★★Nov 15, 2024
Keeps context tight: cicd-expert is the kind of skill you can hand to a new teammate without a long onboarding doc.
- KKabir Huang★★★★★Oct 14, 2024
We added cicd-expert from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- GGanesh Mohane★★★★★Oct 10, 2024
cicd-expert fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- IIsabella Abbas★★★★★Oct 10, 2024
Useful defaults in cicd-expert — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
showing 1-10 of 39
1 / 4Discussion
Comments — not star reviews- No comments yet — start the thread.