Safe Repository Check
Context
Security audit for sensitive data in a repository: check for credentials, API keys, company-specific information, and PII.
Workflow
- Get tracked files: git ls-files (avoids local gitignored files)
- Search for credential patterns (see patterns.md):
  - API keys, passwords, tokens, AWS credentials
  - Private key files (.pem, .key, _rsa)
- Check for sensitive tracked files (.env, secrets)
- Analyze git history for removed secrets
- Review .gitignore for proper patterns
- Report findings (see report-template.md)
Rules
- Only check git-tracked files (git ls-files); ignore local configs
- Check current tracked files AND git history
- Filter false positives: minified JS, node_modules, test fixtures, docs
- Verify .gitignore covers sensitive patterns
- Report tracked files with secrets and historical commits
- Never output actual secret values in report
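The following is an added example, not code from this skill page or from its patterns.md / report-template.md, showing one way to implement the workflow and rules above as a single Python script: it lists only git-tracked files, skips the false-positive paths named in the rules, scans file contents and every added line in git history for credential patterns, checks .gitignore for a minimum set of patterns, and reports each hit by path, line and kind with the matched value replaced by its length. The regexes, the sensitive-path and false-positive path lists, and the REQUIRED_IGNORES set are assumptions standing in for the page's patterns.md; tune them to your repository.

```python
import os
import re
import subprocess
from dataclasses import dataclass

# Constructed detection patterns (assumed stand-ins for patterns.md, which is not reproduced here).
# The named group "v" marks the secret value so only its length is ever reported.
PATTERNS = {
    "aws_access_key_id": re.compile(r"(?P<v>\b(?:AKIA|ASIA)[0-9A-Z]{16}\b)"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "generic_secret": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?(?P<v>[^\s'\"]{8,})"),
}
# Tracked paths that should not be in a repository at all (assumed list).
SENSITIVE_PATH = re.compile(r"(^|/)(\.env(\..+)?|[^/]*\.(pem|key)|[^/]*_rsa|secrets?\.(ya?ml|json))$")
# Paths the rules treat as false positives: dependencies, docs, fixtures, minified bundles.
FALSE_POSITIVE_PATH = re.compile(r"(^|/)(node_modules|vendor|docs?|fixtures?)/|\.min\.(js|css)$")
# .gitignore entries the audit expects to find (assumed minimum set).
REQUIRED_IGNORES = [".env", "*.pem", "*.key", "*_rsa"]


@dataclass
class Finding:
    path: str
    line_no: int
    kind: str
    redacted: str  # never the secret itself, only a description of its length


def redact(value: str) -> str:
    """Describe a matched value without reproducing any of its characters."""
    return f"<redacted, {len(value)} chars>"


def is_false_positive(path: str) -> bool:
    return FALSE_POSITIVE_PATH.search(path) is not None


def is_sensitive_path(path: str) -> bool:
    return SENSITIVE_PATH.search(path) is not None


def scan_content(path: str, text: str) -> list:
    """Run every pattern over each line; record kind, location and a redacted description."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                value = m.group("v") if "v" in m.groupdict() else m.group(0)
                findings.append(Finding(path, no, kind, redact(value)))
    return findings


def gitignore_gaps(gitignore_text: str) -> list:
    """Return required ignore patterns missing from the given .gitignore content."""
    entries = [ln.strip() for ln in gitignore_text.splitlines()]
    present = {e for e in entries if e and not e.startswith("#")}
    return [p for p in REQUIRED_IGNORES if p not in present]


def format_report(findings: list, gaps: list) -> str:
    """Plain-text report: one line per finding, then any .gitignore gaps; no secret values."""
    lines = [f"{f.path}:{f.line_no} {f.kind} {f.redacted}" for f in findings]
    lines += [f".gitignore missing pattern: {g}" for g in gaps]
    return "\n".join(lines) if lines else "no findings"


def tracked_files(repo: str = ".") -> list:
    """git ls-files: only tracked paths, so local ignored files are never scanned."""
    out = subprocess.run(["git", "-C", repo, "ls-files"], capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def scan_history(repo: str = ".") -> list:
    """Scan every added line in every commit on every ref, so secrets removed later still surface."""
    out = subprocess.run(["git", "-C", repo, "log", "--all", "-p", "--format=commit %H"],
                         capture_output=True, text=True, check=True).stdout
    commit, findings = "?", []
    for line in out.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:12]
        elif line.startswith("+") and not line.startswith("+++"):
            findings += scan_content(f"history@{commit}", line[1:])
    return findings


if __name__ == "__main__":
    findings = []
    for path in tracked_files():
        if is_false_positive(path):
            continue
        if is_sensitive_path(path):
            findings.append(Finding(path, 0, "sensitive_file", "<tracked>"))
        try:
            with open(path, encoding="utf-8", errors="ignore") as fh:
                findings += scan_content(path, fh.read())
        except OSError:
            continue
    findings += scan_history()
    ignore = open(".gitignore").read() if os.path.exists(".gitignore") else ""
    print(format_report(findings, gitignore_gaps(ignore)))
```

Run it from the repository root; the history pass reports a hit as history@<short commit> so the commit can be cited in the report without the value. Because redact only ever emits a length, the report stays safe to paste into a ticket, which is the intent of the last rule.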