Env Secrets

Handle .env* files with local-first precedence and minimal value exposure. Use dotenvx for one-shot command injection, not for printing secret values.

Scope

This skill exists to help agents operate .env* files safely:

• discover candidate env files without printing values
• recommend the right target file from local evidence and user intent
• resolve dotenvx load order with local-first final precedence
• stage and persist one-line sensitive values without chat exposure
• run commands with selected env files while blocking risky defaults

It does not manage non-.env credential stores, password managers, shell profiles, or production secret managers.

Core Rules