Git Security Checks

🌐 Community
by laurigates · vlatest · Repository

Helps with Git and security as part of implementing security and authentication workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add git-security-checks npx -- -y @trustedskills/git-security-checks

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "git-security-checks": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/git-security-checks"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill performs automated security analysis on Git repositories to identify vulnerabilities and misconfigurations before code is committed or pushed. It scans for exposed secrets, insecure dependencies, and dangerous patterns within the repository history and current state.

When to use it

  • Before pushing sensitive credentials like API keys or tokens to a public or private branch.
  • During pre-commit workflows to prevent accidental exposure of private data in version control.
  • When auditing third-party open-source dependencies for known security flaws.
  • As part of a CI/CD pipeline to enforce security standards before merging pull requests.

Key capabilities

  • Detects hardcoded secrets and sensitive information within code files.
  • Identifies insecure or vulnerable software dependencies in the project.
  • Analyzes Git history to find previously committed sensitive data that may have been deleted but remains accessible.
  • Flags common security misconfigurations in repository settings and file permissions.

Example prompts

  • "Run a full security scan on my current branch to check for exposed API keys or database passwords."
  • "Analyze the last 50 commits to see if any sensitive files were accidentally committed and not properly removed from history."
  • "Check our package.json and requirements.txt files for known vulnerable dependencies before I merge this PR."

Tips & gotchas

Ensure your repository is cloned locally or accessible via a secure connection, as the tool needs to read file contents and commit logs. While effective at finding obvious secrets, it may not catch every complex logic vulnerability; always pair this with manual code reviews for critical security features.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: laurigates
  • Installs: 33

🌐 Community: Passed automated security scans.