
from qaskills97
Guides agents in detecting and preventing leaked secrets (API keys, passwords) and in integrating secret detection into repos and CI using tools like gitleaks and trufflehog.
This skill equips an agent with best practices and step-by-step guidance for setting up secret-detection and prevention workflows. It covers tool selection, configuration, test writing, CI integration, and troubleshooting to help teams catch leaked credentials early.
Use this skill when onboarding secret detection to a new project, reviewing or hardening an existing pipeline, debugging detection failures, or adding automated scans to CI/CD. It is suited to projects on Python, TypeScript, and JavaScript stacks.
Useful for developer-assistant agents (Claude Code, Cursor, GitHub Copilot-style tools) and any automation that can modify repo files or CI configurations.
This skill promises secret detection guidance using gitleaks and trufflehog but delivers almost entirely generic boilerplate. The 'Common Patterns' code block is empty, there are no actual configuration examples for either tool, no pre-commit hook snippets, and no CI pipeline configs. The anti-patterns and best practices sections are copy-pasted generic QA advice not specific to secret detection. A developer would gain no actionable value from this skill.
The skill has good frontmatter metadata and covers an important topic, but the body content is almost entirely generic template material. It appears to be a seeded/placeholder skill that was never filled in with real content. The author field 'qaskills' and the repo structure (seed-skills/) suggest this is a bulk-generated template.