scanning-for-secrets

Quick Review

The skill provides a clear overview and well-structured documentation for secret scanning functionality. The description adequately covers what the skill does and when to use it. However, taskKnowledge is weak - the skill references a 'secret-scanner plugin' but provides no concrete implementation details, specific commands, regex patterns, or actual scanning tools (e.g., truffleHog, gitleaks, detect-secrets). The Instructions section is generic security guidance rather than actionable secret-scanning steps. Structure is good with logical sections and clear examples. Novelty is moderate - while secret scanning is valuable, the skill lacks sophisticated implementation that would meaningfully reduce token usage beyond what a CLI agent could accomplish with standard tools. To improve, add concrete bash commands, specific pattern libraries, and actual tool integrations rather than conceptual references to a non-existent plugin.