Helps with Prowler repository CI and PR gates (GitHub Actions workflows). Trigger: When investigating CI checks failing on a PR, PR title validation, changelog gate/no-changelog label, conflict marker checks, secret scanning, CODEOWNERS/labeler automation, or anything under .github/workflows.
Use this skill whenever you are:
- .github/workflows/
- .github/pull_request_template.md
- .github/workflows/conventional-commit.yml
- .github/workflows/pr-check-changelog.yml
- .github/workflows/pr-conflict-checker.yml
- .github/workflows/find-secrets.yml
- .github/workflows/labeler.yml and .github/labeler.yml
- .github/CODEOWNERS
- .github/workflows/).
- CHANGELOG.md is updated OR apply no-changelog label.
- <<<<<<<, =======, >>>>>>> markers.

TruffleHog scans for leaked secrets. Common false positives in test files:
Patterns that trigger TruffleHog:
- sk-*T3BlbkFJ* - OpenAI API keys
- AKIA[A-Z0-9]{16} - AWS Access Keys
- ghp_* / gho_* - GitHub tokens

Fix for test files:
# BAD - looks like real OpenAI key
api_key = "sk-test1234567890T3BlbkFJtest1234567890"
# GOOD - obviously fake
api_key = "sk-fake-test-key-for-unit-testing-only"
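
A local pre-check for test files, added here as an example (not part of the Prowler repository or of TruffleHog): it flags string literals that match the three pattern families listed above, so a lookalike key can be replaced before the secret-scanning job runs. The regexes are assumed glob-to-regex translations of those patterns, and the function name and sample content are hypothetical.

```python
import re

# Regexes approximating the three pattern families listed above.
# Assumption: glob-to-regex translations for a local pre-check,
# not TruffleHog's own detector definitions.
LOOKALIKE_PATTERNS = {
    "OpenAI API key": re.compile(r"\bsk-[A-Za-z0-9]*T3BlbkFJ[A-Za-z0-9]*"),
    "AWS Access Key": re.compile(r"\bAKIA[A-Z0-9]{16}"),
    "GitHub token": re.compile(r"\bgh[po]_[A-Za-z0-9]+"),
}


def find_secret_lookalikes(source: str) -> list[tuple[int, str, str]]:
    """Return (line_number, pattern_name, redacted_preview) for each hit."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name, pattern in LOOKALIKE_PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(0)
                # Keep only a short prefix so the report never echoes a full value.
                hits.append((line_no, name, value[:6] + "..."))
    return hits


# Constructed sample test-file content (not taken from the Prowler repository).
SAMPLE_TEST_FILE = "\n".join([
    'api_key = "sk-test1234567890T3BlbkFJtest1234567890"',  # BAD form from above
    'api_key = "sk-fake-test-key-for-unit-testing-only"',   # GOOD form from above
    'aws_key = "AKIA' + "A" * 16 + '"',
    'aws_key = "fake-aws-access-key-id"',
    'token = "ghp_' + "x" * 36 + '"',
])

if __name__ == "__main__":
    for line_no, name, preview in find_secret_lookalikes(SAMPLE_TEST_FILE):
        print(f"line {line_no}: looks like {name} ({preview})")
```
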
If TruffleHog flags a real secret:
- .trufflehog-ignore for known false positives (rarely needed)

- prowler-pr focused on creating PRs and filling the template.
- prowler-ci for CI policies and gates that apply to PRs.