safe-repo
Safe Repository Check
Context
Security audit for sensitive data in a repository: check for credentials, API keys, company-specific information, and PII.
Workflow
- Run `bash scripts/scan-secrets.sh` to scan all tracked files for credential patterns (see references/patterns.md for the full pattern list)
- Check for sensitive tracked files (.env, secrets)
- Analyze git history for removed secrets
- Review `.gitignore` for proper patterns
- Report findings (see assets/report-template.md)
Rules
- Only check git-tracked files (`git ls-files`); ignore local configs
- Check current tracked files AND git history
- Filter false positives: minified JS, node_modules, test fixtures, docs
- Verify `.gitignore` covers sensitive patterns
- Report tracked files with secrets and historical commits
- Never output actual secret values in report
Error Handling
- If `git ls-files` returns nothing → verify the current directory is a git repository; run `git status` to confirm
- If the git history scan is slow → limit to the last 100 commits with `git log --oneline -100`
- If false positives are high → cross-reference against patterns in references/patterns.md before reporting
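A complete pass over the Workflow, Rules and Error Handling items above, as an added example that is not the skill's own scripts/scan-secrets.sh: it scans git-tracked files for credential patterns, flags sensitive tracked file names, looks for secrets on removed lines in the last 100 commits, checks .gitignore coverage, and reports only locations, never the matched value. The pattern list, noise-path list and required ignore entries are illustrative stand-ins for references/patterns.md, and the function names and the `--audit` switch are my own.

```shell
#!/usr/bin/env bash
# Added example (not the skill's scripts/scan-secrets.sh): secret audit over
# git-tracked files and recent history that never prints the secret itself.
set -u

# Illustrative credential patterns (extended regex); stand-in for references/patterns.md.
SECRET_PATTERNS='AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(password|passwd|secret|api[_-]?key)[[:space:]]*[=:][[:space:]]*[^[:space:]]{8,}'
# Paths treated as likely false positives: minified JS, vendored deps, build output, fixtures, docs.
NOISE_PATHS='(^|/)(node_modules|vendor|dist|build|fixtures|__fixtures__|docs)/|\.min\.js$|\.lock$'
# File names that should not be tracked at all.
SENSITIVE_FILES='(^|/)(\.env(\..*)?|.*\.pem|.*\.key|id_rsa|id_ed25519|credentials\.json|secrets\.ya?ml)$'
# Lines a .gitignore should carry (illustrative, matched as exact lines), one per line.
REQUIRED_IGNORES='.env
*.pem
*.key
id_rsa'

count_lines() { local n=0; while IFS= read -r _; do n=$((n + 1)); done; echo "$n"; }

is_noise_path()     { printf '%s\n' "$1" | grep -qE "$NOISE_PATHS"; }
is_sensitive_file() { printf '%s\n' "$1" | grep -qE "$SENSITIVE_FILES"; }

# One report line per matching source line: location and pattern class only, value withheld.
scan_file() {
  local path="$1" lineno
  if is_noise_path "$path"; then return 0; fi
  grep -iInE "$SECRET_PATTERNS" -- "$path" 2>/dev/null | cut -d: -f1 |
    while IFS= read -r lineno; do
      echo "tracked:$path:$lineno: line matches a secret pattern (value withheld)"
    done
}

# Tracked files whose name alone marks them sensitive (.env, private keys, ...).
list_sensitive_tracked() {
  local f
  git ls-files | while IFS= read -r f; do
    if is_sensitive_file "$f"; then echo "sensitive-file:$f: should not be tracked"; fi
  done
}

# Only git-tracked files are scanned; local, untracked configs are ignored by construction.
scan_tracked_files() {
  local f
  git ls-files | while IFS= read -r f; do
    if [ -f "$f" ]; then scan_file "$f"; fi
  done
}

# Removed ("-") diff lines in the last N commits that match a pattern: a secret that was
# deleted from the tree but still lives in history. Capped at 100 commits by default.
scan_history() {
  local limit="${1:-100}" line commit="" file=""
  git log -p -"$limit" --no-color --format='commit %h' | while IFS= read -r line; do
    case "$line" in
      commit\ *) commit="${line#commit }" ;;
      +++\ b/*)  file="${line#+++ b/}" ;;
      ---*|+++*) ;;
      -*) if printf '%s\n' "$line" | grep -qiE "$SECRET_PATTERNS"; then
            echo "history:$commit:$file: removed line matches a secret pattern (value withheld)"
          fi ;;
    esac
  done
}

# Required ignore patterns missing from a .gitignore, one report line each.
check_gitignore() {
  local gitignore="${1:-.gitignore}" p
  printf '%s\n' "$REQUIRED_IGNORES" | while IFS= read -r p; do
    if ! grep -qxF -- "$p" "$gitignore" 2>/dev/null; then echo "gitignore: missing pattern $p"; fi
  done
}

run_audit() {
  if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    echo "error: not inside a git repository (run git status to confirm)" >&2
    return 1
  fi
  if [ "$(git ls-files | count_lines)" -eq 0 ]; then
    echo "error: git ls-files returned nothing; check the current directory" >&2
    return 1
  fi
  echo "== sensitive tracked files =="; list_sensitive_tracked
  echo "== secret patterns in tracked files =="; scan_tracked_files
  echo "== removed secrets in the last ${HISTORY_LIMIT:-100} commits =="; scan_history "${HISTORY_LIMIT:-100}"
  echo "== .gitignore coverage =="; check_gitignore .gitignore
}

# The full audit runs only with --audit, so the functions can also be sourced on their own.
if [ "${1:-}" = "--audit" ]; then run_audit; fi
```

Run it from the repository root as `bash safe-repo-audit.sh --audit`; set `HISTORY_LIMIT` to widen or narrow the history window if the scan is slow. Every report line names a file, line number or commit and the pattern class, so the report can be shared without re-leaking what it found.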