원클릭으로
audit-secrets
Scan chezmoi source files for accidentally exposed secrets and verify sensitive files have the private_ prefix.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Scan chezmoi source files for accidentally exposed secrets and verify sensitive files have the private_ prefix.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Intent-Driven Development (IDD) に基づき、ADR(Architecture Decision Record)形式の Intentドキュメントを作成するスキル。ユーザーの「こういう機能を作りたい」「この設計判断をした」 という意図をWhy/Whatに整理し、How(実装詳細)の混入を検出・分離して、docs/adr/ に連番の ADRファイルを生成する。 このスキルは以下の場合に必ず使用すること: - ユーザーが /intent と入力したとき - 「ADRを書きたい」「意図を記録したい」「intentを作成」「設計判断を残したい」「ADR作って」 「決定を記録」「なぜこうしたか残しておきたい」などと言ったとき - ユーザーが新機能やアーキテクチャの判断について議論し、それを文書化したいと示唆したとき Do NOT trigger for: バグ修正の記録、ルーチンなリファクタリング、意図が自明な些細な変更。
Automatically generate PR descriptions according to project templates.
Structured 5W1H completeness checker for written communication. Analyzes text using a Who/What/When/Where/Why/How framework, produces a status table for each element, and provides concrete rewrite suggestions for missing information. ALWAYS use this skill when the user shares text and asks you to review it, check it, proofread it, or confirm it's ready to send — including progress reports, daily standups, meeting minutes, incident reports, handoff documents, status updates, client emails, Slack messages, PR descriptions, or any prose meant to inform others. Also trigger when the user says things like "これで大丈夫か", "情報足りてるか", "抜けてないか", "伝わるかな", "5W1H", "check if anything is missing", "is this clear enough", "review before sending", or asks you to check whether a written message has enough context for the reader. This skill adds a structured framework that generic reviewing lacks — do not skip it just because you could review text without it. Do NOT trigger for: code review, security review, grammar/style-only che
Review a draft text (message, report, PR description, commit message, etc.) from the reader's perspective and suggest improvements.
Safely add a new dotfile to chezmoi management, determining the correct prefix and committing the result.
Inspect the current chezmoi sync state and report unapplied changes, unmanaged files, and whether it is safe to run chezmoi apply.
| name | audit-secrets |
| description | Scan chezmoi source files for accidentally exposed secrets and verify sensitive files have the private_ prefix. |
Scan the chezmoi source directory for potential secret exposure and report findings.
private_ That May Contain SecretsRun pattern searches across all source files that do NOT have the private_ prefix:
# List all non-private source files
find ~/.local/share/chezmoi -type f \
! -path '*/.git/*' \
! -name 'private_*' \
! -path '*/private_*'
Search those files for common secret patterns:
# API keys, tokens, passwords
grep -rn --include='*' \
-e 'api[_-]key\s*=' \
-e 'api[_-]secret\s*=' \
-e 'access[_-]token\s*=' \
-e 'secret[_-]key\s*=' \
-e 'password\s*=' \
-e 'passwd\s*=' \
-e 'AUTH_TOKEN' \
-e 'PRIVATE_KEY' \
~/.local/share/chezmoi \
--exclude-dir='.git'
# High-entropy strings (possible raw tokens)
grep -rEn '[A-Za-z0-9+/]{40,}' ~/.local/share/chezmoi \
--exclude-dir='.git' \
! -path '*/private_*'
private_Check that these file types have the private_ prefix in their source names:
.npmrc → should be private_dot_npmrc.netrc → should be private_dot_netrc.ssh/config → should be under private_dot_ssh/~/.config/ containing credentialschezmoi status
chezmoi managed --include=files | grep -v '^private'
Review the list of non-private managed files for anything that looks sensitive.
git -C ~/.local/share/chezmoi log --oneline -20
git -C ~/.local/share/chezmoi diff HEAD~5..HEAD -- . ':!*.png' ':!*.jpg'
Look for any patterns matching secrets in recent commits.
Categorize findings into:
private_ prefixFor each finding, suggest the remediation:
# To re-add a file with private_ prefix
chezmoi add --force <target-path> # chezmoi will re-evaluate permissions
# or manually rename the source file and re-run chezmoi apply
Produce a structured report:
## Secrets Audit Report
### CRITICAL
- (none) or list of files with confirmed secrets
### WARNING
- (none) or list of suspicious files
### INFO
- Any false positives noted
### Recommendations
- Specific remediation steps for each finding
$ARGUMENTS