safe-repo

SKILL.md

Safe Repository Check

Context

Security audit for sensitive data in a repository. Check for credentials, API keys, company-specific information, and PII.

Workflow

  1. Run bash scripts/scan-secrets.sh to scan all tracked files for credential patterns (see references/patterns.md for full pattern list)
  2. Check for sensitive tracked files (.env, secrets)
  3. Analyze git history for removed secrets
  4. Review .gitignore for proper patterns
  5. Report findings (see assets/report-template.md)

Rules

  • Only check git-tracked files (git ls-files) - ignore local configs
  • Check current tracked files AND git history
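
The workflow and rules above, sketched as an added example (not the skill's own scripts/scan-secrets.sh). The pattern in SECRET_RE, the file-name list, and the function names are assumptions chosen for illustration, not the contents of references/patterns.md.

```bash
#!/usr/bin/env bash
# Added example. SECRET_RE and the file-name list are illustrative assumptions,
# not the contents of references/patterns.md.
SECRET_RE='AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(api[_-]?key|secret|password|token)[[:space:]]*[:=][[:space:]]*[^[:space:]]{16,}'

# Step 2: does this path name look like a secrets file?
is_sensitive_path() {
  case "${1##*/}" in
    .env.example|.env.sample) return 1 ;;   # templates are expected to be tracked
    .env|.env.*|*.pem|*.key|*.p12|id_rsa|id_ed25519|secrets.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Steps 1-2: current tree, tracked files only (untracked local configs are ignored).
scan_tracked() {  # usage: scan_tracked <repo-dir>
  git -C "$1" ls-files | while IFS= read -r f; do
    if is_sensitive_path "$f"; then printf 'tracked-file\t%s\n' "$f"; fi
  done
  # git grep reads tracked files only; -I skips binaries. Emit file:line, never the match.
  git -C "$1" grep -I -n -i -E -e "$SECRET_RE" -- . |
    awk -F: '{ print "content\t" $1 ":" $2 }'
}

# Step 3: a secret deleted from the tree is still recoverable from history.
scan_history() {  # usage: scan_history <repo-dir>
  git -C "$1" log --all --diff-filter=D --name-only --format= | sort -u |
  while IFS= read -r f; do
    if [ -n "$f" ] && is_sensitive_path "$f"; then printf 'deleted-file\t%s\n' "$f"; fi
  done
  # -G: commits whose diff adds or removes a line matching the pattern.
  git -C "$1" log --all -i --format='history-content%x09%h' -G"$SECRET_RE"
}

# Step 4: sample sensitive names that the current .gitignore would not catch.
gitignore_gaps() {  # usage: gitignore_gaps <repo-dir>
  for n in .env server.pem id_rsa; do
    git -C "$1" check-ignore -q -- "$n" || printf 'not-ignored\t%s\n' "$n"
  done
}

# Run all checks when a repository path is given as the first argument.
if [ -n "${1:-}" ]; then scan_tracked "$1"; scan_history "$1"; gitignore_gaps "$1"; fi
```

Each finding is one tab-separated line (kind, then location), which maps directly onto a report; matched secret values are deliberately never printed.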

More from helderberto/skills

Installs
41
GitHub Stars
8
First Seen
Feb 13, 2026