SKILL: Insecure Source Code Management

AI LOAD INSTRUCTION: This skill covers detection and recovery of exposed version-control metadata, common backup artifacts, and related misconfigurations. Use only in authorized assessments. Treat recovered credentials and URLs as sensitive; do not exfiltrate real data beyond scope. For broad discovery workflow, cross-load recon-for-sec and recon-and-methodology when those skills exist in the workspace.

0. QUICK START

High-value paths to probe first (GET or HEAD, respect rate limits):

/.git/HEAD
/.git/config
/.svn/entries
/.svn/wc.db
/.hg/requires
/.bzr/README
/.DS_Store
/.env