* feat(skills): add secret-scanning-maintainer skill
Add a maintainer-only skill for handling GitHub Secret Scanning alerts.
Covers issue_comment, issue_body, pull_request_body, and commit leak
types with redaction, history purge (delete+recreate for comments),
author notification, and alert resolution workflows.
* fix(skills): harden secret-scanning-maintainer based on security review
- Remove all secret value fragments from redaction markers (type-only)
- Remove alert URLs and partial secret previews from public comments
- Use temp files with heredoc for all gh api body content (shell injection)
- Add rule: never print raw API responses containing secrets to stdout
- Notification comments now only reference secret type, no value hints
Addresses 4 of 6 security findings from PR review:
1. Over-permissive redaction → type-only markers
3. Public partial preview + alert URL → removed from comments
4. Shell quoting risk → heredoc + temp file pattern
5. Stdout secret exposure → jq-only extraction rule
Findings #2 (revoked without rotation) and #6 (public playbook) are
accepted as-is with documented rationale.
* fix(skills): address all bot review findings on secret-scanning skill
Addresses findings from Codex, Greptile, and Aisle bot reviews:
- Add pull_request_comment and pull_request_review_comment to location
type routing table (was being skipped as unsupported) [Codex P1]
- Use hide_secret=true on alert fetch to prevent plaintext in terminal
[Codex P1]
- Add jq filtering on all fetch commands to avoid printing .body or
.secret to stdout [Codex P1, Aisle Medium]
- Skip PATCH before DELETE for comments — PATCH creates an unnecessary
edit history revision exposing plaintext [Greptile P1]
- Use mktemp for all temp files instead of fixed /tmp paths [Aisle Medium]
- Branch notification template by location type: comment says "removed
and replaced", body says "redacted in place", commit says "committed"
[Greptile P1]
- Bump userContentEdits(first: 10) to first: 50 to reduce truncation
risk [Greptile P2]
- Fix batch listing jq query to use .html_url instead of
.first_location_detected.html_url [Codex P2]
- Use heredoc + temp file for comment recreation (was inline -f)
[Codex P1]
- Remove alert URLs from public notification templates [Codex P1]
* feat(skills): extract secret-scanning operations into reusable script
Add scripts/secret-scanning.mjs with subcommands: fetch-alert,
fetch-content, redact-body, delete-comment, recreate-comment, notify,
resolve, list-open, summary.
Security enforcements now live in the script (not agent memory):
- hide_secret=true on all alert fetches
- mktemp with random UUIDs for all temp files
- -F body=@file for all body uploads
- .secret and .body never printed to stdout
- notification templates branched by location type
SKILL.md simplified from ~370 lines to ~170 lines — now a decision
guide that references script commands instead of inline gh api calls.
* fix(skills): enforce script summary output as final summary
Agent was rewriting the summary table without URLs. Make SKILL.md
explicit: the script output IS the final summary, do not reformat it.
* fix(skills): add summary output markers for verbatim rendering
Script summary now outputs ---BEGIN SUMMARY--- / ---END SUMMARY---
markers. SKILL.md instructs agent to output the content between markers
verbatim, preventing reformatting that drops URLs.
* fix(skills): address latest bot review findings on script
- Restrict temp file permissions to 0600 (owner-only) [Codex P1]
- Add --slurp to list-open and fetch-alert locations for correct
multi-page JSON parsing [Codex P1, Codex P2]
- Use commit_url/blob_url fallback for commit location URLs [Codex P2]
- Add --paginate to locations fetch [Codex P2]
