diff --git a/test/skill-validation.test.ts b/test/skill-validation.test.ts
index 26a0870d..1da5db6d 100644
--- a/test/skill-validation.test.ts
+++ b/test/skill-validation.test.ts
@@ -1522,6 +1522,26 @@ describe('Test failure triage in ship skill', () => {
   });
 });
 
+describe('no compiled binaries in git', () => {
+  test('git tracks no Mach-O or ELF binaries', () => {
+    const result = require('child_process').execSync(
+      'git ls-files -z | xargs -0 file --mime-type 2>/dev/null | grep -E "application/(x-mach-binary|x-executable|x-pie-executable|x-sharedlib)" || true',
+      { cwd: ROOT, encoding: 'utf-8' }
+    ).trim();
+    const files = result ? result.split('\n').map((l: string) => l.split(':')[0].trim()) : [];
+    expect(files).toEqual([]);
+  });
+
+  test('git tracks no files larger than 2MB', () => {
+    const result = require('child_process').execSync(
+      'git ls-files -z | xargs -0 -I{} sh -c \'size=$(wc -c < "{}" 2>/dev/null | tr -d " "); [ "$size" -gt 2097152 ] 2>/dev/null && echo "{}:${size}"\' || true',
+      { cwd: ROOT, encoding: 'utf-8' }
+    ).trim();
+    const files = result ? result.split('\n').filter(Boolean) : [];
+    expect(files).toEqual([]);
+  });
+});
+
 describe('sidebar agent (#584)', () => {
   // #584 — Sidebar Write: sidebar-agent.ts allowedTools includes Write
   test('sidebar-agent.ts allowedTools includes Write', () => {