- /ship: scan the composed PR body + title before create AND edit, from a temp
file (exact bytes scanned = bytes sent). HIGH blocks the PR (no skip); MEDIUM
confirms per finding. Codex/Greptile/eval sections go in tool-attributed fences
so example credentials those tools quote WARN-degrade instead of blocking the
PR — a live-format credential inside the fence still blocks.
- /document-release: scan the PR-body temp file before gh pr edit.
- /document-generate: scan the staged doc diff (added lines) before commit —
generated docs often carry example credentials; a live-format secret blocks.

Tests: ship-template-redaction (incl. tool-fence WARN-degrade contract),
document-skills-redaction. All skills stay under the v1.47 size budget.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>