secret-scanlisted

# Secret Scan ## Core Question Does the current diff, staged set, or repository context contain secret-like material that must not be exposed, committed, or pushed? ## When To Use Use this skill when: - staged, unstaged, untracked, release, changelog, or tag content may contain credentials - preflight detects sensitive-looking files or values - a confidential file may have been committed - the user asks whether secrets are present - a secret may already have been committed or pushed ## When Not To Use Do not use this skill when: - general large-file checks - normal `.gitignore` hygiene without secret indicators - rotating credentials or changing external systems - rewriting history directly Route to: - large/binary file checks route to `large-file-lfs` - secret already committed or pushed routes to `undo-recover` plus manual credential rotation - commit blocking routes to `atomic-commits` after cleanup - ignore-rule changes are out of scope; provide manual guidance or route to a future ignore-hygiene skill only if the repository later adds one ## Required Evidence Before action, inspect or establish: - staged and unstaged diff with redaction - untracked file names and high-risk path names - secret-like pattern class, file, and line context - whether content is staged, unstaged, committed, or pushed - whether the user asked to remove content from Git only or also delete the local file - remote/shared exposure evidence if available No-evidence rule: - Do not make