Secret Detection & Prevention
from qaskills97
Guides agents to detect, prevent, and integrate secret-detection (API keys, passwords) into repos and CI using tools like gitleaks and trufflehog.
What it does
This skill equips an agent with best practices and step-by-step guidance for setting up secret-detection and prevention workflows. It covers tool selection, configuration, test writing, CI integration, and troubleshooting to help teams catch leaked credentials early.
When to use it
Use this skill when onboarding secret-detection to a new project, reviewing or hardening an existing pipeline, debugging detection failures, or adding automated scans to CI/CD. It is suited for projects in Python, TypeScript, and JavaScript stacks.
What's included
- Scripts: none packaged with the SKILL.md (has_scripts=false)
- References: none included (has_references=false)
- Instructions: a detailed implementation guide covering assessment, tool choice, configuration steps, writing tests, CI integration, and common troubleshooting steps.
Compatible agents
Useful for developer-assistant agents (Claude Code, Cursor, GitHub Copilot-style tools) and any automation that can modify repo files or CI configurations.
Tags
Information
- Repository
- qaskills
- Stars
- 97
- Installs
- 0
