Task(
  subagent_type="infra-engineer",
  run_in_background={true if --background else false},
  description="Infrastructure validation",
  prompt="Validate {detected_types} infrastructure in this repository.

  Run these validations (only for detected file types):

  **Kubernetes:**
  - kubectl apply --dry-run=client -f <files>
  - Check: security contexts, resource limits, non-root users
  - Check: liveness/readiness probes defined
  - Check: no 'latest' image tags

  **Helm:**
  - helm lint <chart>
  - helm template validation
  - Check: values.yaml has sensible defaults

  **GitHub Actions:**
  - actionlint (if available)
  - Check: secrets not hardcoded
  - Check: permissions minimized (not 'write-all')
  - Check: pinned action versions (@vX.Y.Z not @main)

  **Terraform:**
  - terraform fmt -check
  - terraform validate
  - Check: no hardcoded credentials
  - Check: state backend configured

  **Dockerfile:**
  - Multi-stage builds where appropriate
  - Non-root user (USER directive)
  - Pinned base image tags (not :latest)
  - No secrets in build args

  Output format:
  PASS/FAIL per category with file:line for issues.
  Severity: CRITICAL / IMPORTANT / SUGGESTION"
)

TaskOutput(task_id=<agent_id>, block=true)

mcp__perplexity-ask__perplexity_ask with:
"Current best practices for {specific concern} in {technology} 2024-2025"

DEPLOYMENT CHECK
================
Agent ID: {id} (use /agent:resume {id} to continue)

Kubernetes: [PASS/FAIL] - {details}
Helm: [PASS/FAIL] - {details}
GitHub Actions: [PASS/FAIL] - {details}
Terraform: [PASS/FAIL] - {details}
Docker: [PASS/FAIL] - {details}

CRITICAL Issues:
- file:line - issue description

IMPORTANT Issues:
- file:line - issue description

Recommendations:
- [prioritized list]