Files
yao-meta-skill/security/secret_policy.md
T
2026-06-13 12:34:19 +08:00

382 B

Secret Policy

Skills must not commit credentials, tokens, private keys, or customer secrets.

The v0 scanner blocks obvious high-risk patterns such as private key blocks, GitHub personal access tokens, Slack bot tokens, AWS access key ids, and OpenAI-style API keys.

Potential private paths or local-only references should be treated as warnings unless they expose credentials.