# Secret Scan

## Core rules
- Prefer `task secrets:scan` when available.
- If `gitleaks` is missing, ask the user to install it (do not install automatically).
- Do not add allowlists or ignore patterns without explicit user confirmation.
- Summarize findings clearly and suggest fixes or redaction steps.
## Workflow
- Check whether `gitleaks` is installed or the Taskfile defines `secrets:scan`.
- Run the scan.
- If findings exist, list the impacted files and suggest remediation.
- If there are false positives, propose a minimal allowlist and ask for approval before adding it.
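The workflow above as a small helper script, added here as an example and not part of the original page or of gitleaks itself. It assumes a `Taskfile.yml` at the repository root, the gitleaks v8 JSON report fields (`File`, `RuleID`, `StartLine`, `Secret`, `Fingerprint`) and the `.gitleaksignore` fingerprint format; the sample report is constructed.

```python
"""Secret-scan workflow helpers: pick the scanner, summarize a gitleaks JSON
report with secrets redacted, and draft (never write) a .gitleaksignore."""
import re
import shutil
from pathlib import Path
from typing import Optional

def choose_scanner(repo: Path) -> Optional[list]:
    """Prefer `task secrets:scan` when the Taskfile defines it, else gitleaks.
    Returns the command to run, or None when nothing usable is installed."""
    taskfile = repo / "Taskfile.yml"  # assumed location of the Taskfile
    if shutil.which("task") and taskfile.is_file() and \
            re.search(r"^\s+secrets:scan:", taskfile.read_text(), re.M):
        return ["task", "secrets:scan"]
    if shutil.which("gitleaks"):
        # gitleaks writes its findings as a JSON report we can summarize.
        return ["gitleaks", "detect", "--report-format", "json",
                "--report-path", "gitleaks-report.json"]
    return None  # caller asks the user to install gitleaks; never install it here

def redact(secret: str) -> str:
    """Keep a 4-char prefix so the summary itself does not leak the value."""
    return secret[:4] + "****"

def summarize(report: list) -> dict:
    """Group findings by impacted file as 'line N: rule (redacted secret)'."""
    by_file: dict = {}
    for f in report:
        entry = f"line {f['StartLine']}: {f['RuleID']} ({redact(f['Secret'])})"
        by_file.setdefault(f["File"], []).append(entry)
    return by_file

def propose_ignore(report: list, confirmed: set) -> list:
    """Draft .gitleaksignore lines, but only for fingerprints the user has
    explicitly confirmed as false positives (allowlist needs approval)."""
    return [f["Fingerprint"] for f in report if f["Fingerprint"] in confirmed]

# Constructed sample report mirroring the gitleaks v8 field names.
SAMPLE_REPORT = [
    {"File": "config/dev.env", "RuleID": "aws-access-token", "StartLine": 3,
     "Secret": "AKIAEXAMPLE0000000000",
     "Fingerprint": "config/dev.env:aws-access-token:3"},
    {"File": "tests/fixtures/keys.txt", "RuleID": "generic-api-key",
     "StartLine": 12, "Secret": "dummy-test-key-123456",
     "Fingerprint": "tests/fixtures/keys.txt:generic-api-key:12"},
]

if __name__ == "__main__":
    print("scanner:", choose_scanner(Path.cwd()))
    for path, entries in summarize(SAMPLE_REPORT).items():
        print(path, *entries, sep="\n  ")
```

The proposed fingerprints are returned to the caller for display; writing them to `.gitleaksignore` is left to the user after approval.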