Security issues should be handled carefully and not exposed publicly before they are understood.
Never commit:
- passwords
- API keys
- private tokens
- SSH keys
- personal data
- production secrets
AI tools must not be allowed to execute destructive repository operations without human review.
High-risk operations require human control:
- force push
- reset
- rebase
- clean
- branch deletion
- tag deletion
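
One way to enforce the rule above for git commands proposed by an AI tool, as an added example that is not part of the original policy: the gate names the listed category a command falls under so the caller can hold it for human review. The function names are hypothetical, and the tool is assumed to submit an argument list that is run without a shell. The check also covers `git pull --rebase`, `git push --mirror` and remote ref deletion through `git push`, which generalize the listed operations.

```python
# Added example; function and constant names are hypothetical.
# Assumption: the AI tool proposes an argv list that is run without a shell.
ALWAYS_HIGH_RISK = {"reset", "rebase", "clean"}
# Global git options that take a separate value, e.g. `git -C repo reset`.
GLOBAL_OPTS_WITH_VALUE = {"-C", "-c", "--git-dir", "--work-tree", "--namespace"}


def _short(arg, letters):
    """True if a short-option bundle such as -fd contains one of `letters`."""
    return (arg.startswith("-") and not arg.startswith("--")
            and any(ch in arg[1:] for ch in letters))


def high_risk_reason(argv):
    """Return the policy category that needs human control, or None."""
    # Matching over-approximates on purpose: a doubtful flag goes to review.
    if not argv or argv[0] != "git":
        return None
    i = 1
    while i < len(argv) and argv[i].startswith("-"):  # skip global options
        i += 2 if argv[i] in GLOBAL_OPTS_WITH_VALUE else 1
    if i >= len(argv):
        return None
    sub, args = argv[i], argv[i + 1:]
    if sub in ALWAYS_HIGH_RISK:
        return sub
    if sub == "pull" and any(a.startswith("--rebase") or _short(a, "r") for a in args):
        return "rebase"
    if sub == "push":
        for a in args:
            # "+ref" forces a single ref; --mirror force-updates and deletes refs.
            if a.startswith(("--force", "+")) or a == "--mirror" or _short(a, "f"):
                return "force push"
            # ":ref" and --delete remove a branch or tag on the remote.
            if a == "--delete" or a.startswith(":") or _short(a, "d"):
                return "remote ref deletion"
    if sub == "branch" and any(a == "--delete" or _short(a, "dD") for a in args):
        return "branch deletion"
    if sub == "tag" and any(a == "--delete" or _short(a, "d") for a in args):
        return "tag deletion"
    return None


if __name__ == "__main__":
    # Constructed sample proposals, not taken from any real tool log.
    for proposal in (["git", "status"], ["git", "-C", "repo", "reset", "--hard"],
                     ["git", "push", "origin", "+main"], ["git", "tag", "-d", "v1.0"]):
        reason = high_risk_reason(proposal)
        print(" ".join(proposal), "->", f"HOLD for human review ({reason})" if reason else "allow")
```

Matching on command names cannot see through git aliases or wrapper scripts, so treat this gate as one layer and keep server-side protection on the branches and tags that matter.
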
Security-relevant changes should include:
- affected files
- risk assessment
- mitigation
- testing or validation steps