
Baseline and Review Repository Secret Findings with detect-secrets

Scan a repository for secrets, keep an auditable baseline, and review only newly introduced findings during commits or CI checks.

Security & Verification | Multi-Framework | Security Reviewed
⭐ 4.5k GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill baseline-and-review-repository-secret-findings-with-detect-secrets
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance

Tools required: Python, detect-secrets CLI, git repository
Install & setup: Install with pip, then create or update a baseline before scanning: pip install detect-secrets && detect-secrets scan > .secrets.baseline
Author: Yelp
Publisher: Organization
Last updated: Apr 18, 2026
Quick brief

This skill wraps detect-secrets as a repeatable secret-review workflow rather than a generic scanner listing. The agent generates or refreshes a baseline, scans the repository, and focuses review attention on newly introduced findings so teams can gate commits and CI runs without re-triaging known historical noise every time.

How it works

What this skill actually does

Invoke it when a repository needs an incremental secret-hygiene check before merge, during pre-commit enforcement, or while cleaning up a legacy codebase in stages. For ad hoc scanning alone, use detect-secrets directly. Use this skill when the job is specifically baseline management plus review of net-new findings.

The scope boundary is narrow and explicit: repository secret detection, baseline upkeep, and review of new alerts. It is not a general AppSec platform, SIEM, or full security program card.
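
The review step described above, reduced to its core comparison, as an added example (not the skill's or detect-secrets' own code): it diffs a fresh scan against the stored baseline and reports only findings the baseline does not already contain. The sample data is constructed, and the JSON layout (a results map of filename to findings carrying type, hashed_secret and line_number) is assumed to match the baseline file detect-secrets writes; the function names are hypothetical.

```python
import json

# Constructed sample data in the detect-secrets baseline layout (hashes are fake).
BASELINE = {"results": {"config/settings.py": [
    {"type": "Secret Keyword", "hashed_secret": "a" * 40, "line_number": 12},
]}}
CURRENT = {"results": {
    "config/settings.py": [  # same secret, moved three lines down by an edit
        {"type": "Secret Keyword", "hashed_secret": "a" * 40, "line_number": 15},
    ],
    "deploy/ci.sh": [        # introduced since the baseline was written
        {"type": "AWS Access Key", "hashed_secret": "b" * 40, "line_number": 4},
    ],
}}


def finding_keys(scan):
    """Identity of each finding: (file, detector type, hashed secret).

    line_number is deliberately excluded so that an edit which only shifts a
    known finding up or down does not make it look new.
    """
    return {
        (filename, f["type"], f["hashed_secret"])
        for filename, findings in scan.get("results", {}).items()
        for f in findings
    }


def net_new_findings(baseline, current):
    """Return findings present in the current scan but absent from the baseline."""
    known = finding_keys(baseline)
    new = []
    for filename, findings in sorted(current.get("results", {}).items()):
        for f in findings:
            if (filename, f["type"], f["hashed_secret"]) not in known:
                new.append({"filename": filename, "type": f["type"],
                            "line_number": f["line_number"]})
    return new


def gate(baseline, current):
    """Exit status for a commit hook or CI step: 1 if anything new, else 0."""
    return 1 if net_new_findings(baseline, current) else 0


if __name__ == "__main__":
    print(json.dumps(net_new_findings(BASELINE, CURRENT), indent=2))
    raise SystemExit(gate(BASELINE, CURRENT))
```

In real use, the two dictionaries would come from `json.load` on the committed `.secrets.baseline` and on a fresh scan's output.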