Install: claude install-skill chrono-meta/forge-harness
# public-surface-audit — Operator-Private Token Leak Scan
Scans the git-tracked file set (the public surface) for operator-private tokens that were supposed
to stay in gitignored files (e.g. `CLAUDE.local.md`, companion store). After a public/private split,
a front-door fix is not enough — a leaked username or absolute home path anywhere in the tracked set
breaks the "public repo = model-agnostic methodology only" invariant.
> While `marketplace-gate` Check 5 answers "is this repo broadly safe to publish?" (API keys, internal
> domains, license), `public-surface-audit` answers a narrower question: "did any operator-private
> token survive the public/private split into a tracked file?" It scans `git ls-files` only — gitignored
> files like `CLAUDE.local.md` are intentionally out of scope (they are the *correct* home for these tokens).
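As an added example (not the skill's own implementation), a minimal scanner that enforces the tracked-only scope by enumerating `git ls-files` and reporting every tracked line that carries a private token; the token list is a constructed sample and the JSON verdict shape is an assumption, not the skill's real `--json` output.

```python
"""Added example: scan the git-tracked set for operator-private tokens."""
import json
import re
import subprocess
import sys
from pathlib import Path

# Constructed sample tokens (hypothetical operator "jdoe"): a username and absolute
# home paths, the kind of value that belongs only in gitignored files like CLAUDE.local.md.
PRIVATE_TOKENS = ["jdoe", "/home/jdoe", "/Users/jdoe"]


def tracked_files(repo: str) -> list[str]:
    """The public surface: paths from `git ls-files`. Gitignored files never appear here."""
    out = subprocess.run(["git", "-C", repo, "ls-files", "-z"],
                         check=True, capture_output=True).stdout
    return [p for p in out.decode("utf-8", "surrogateescape").split("\0") if p]


def scan_text(path: str, text: str, tokens) -> list[dict]:
    """Return one hit per (line, token) for a single tracked file, case-insensitive."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for tok in tokens:
            # Bare words match on word boundaries so "jdoe" does not fire on "jdoesmith";
            # absolute paths are matched as plain substrings.
            pat = re.escape(tok) if "/" in tok else rf"\b{re.escape(tok)}\b"
            if re.search(pat, line, re.IGNORECASE):
                hits.append({"file": path, "line": lineno, "token": tok})
    return hits


def audit_files(files, tokens=PRIVATE_TOKENS) -> dict:
    """files: iterable of (path, text). Assumed verdict shape for hook-gating: PASS/FAIL + hits."""
    hits = []
    for path, text in files:
        hits.extend(scan_text(path, text, tokens))
    return {"verdict": "FAIL" if hits else "PASS", "hits": hits}


def audit_repo(repo: str, tokens=PRIVATE_TOKENS) -> dict:
    """Read every tracked file (unreadable ones count as empty) and audit the whole surface."""
    def read(p: str) -> str:
        try:
            return Path(repo, p).read_text(encoding="utf-8", errors="replace")
        except OSError:
            return ""
    return audit_files(((p, read(p)) for p in tracked_files(repo)), tokens)


if __name__ == "__main__":
    verdict = audit_repo(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(json.dumps(verdict, indent=2))
    sys.exit(1 if verdict["verdict"] == "FAIL" else 0)
```

A non-zero exit on FAIL is what lets a pre-push hook gate on the verdict; swap `PRIVATE_TOKENS` for the real operator values read from a gitignored file rather than hard-coding them in the tracked scanner.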
## Triggers
- `/public-surface-audit`
- `/public-surface-audit --target <repo path>`
- `/public-surface-audit --json` (machine-parseable verdict for hook-gating — see Step 5)
- "Did I leak anything into the public repo?", "public surface audit", "private token scan"
- "Check tracked files for private tokens", "is my public/private split clean?"
- "Did any operator-private token survive into a tracked file?", "scan before publish"
---
## Scope — Tracked Files Only
This skill scans **only `git ls-files`** (committed/staged tracked files). Gitignored files are
deliberately excluded — `CLAUDE.local.md`, the companion store, and local session d