[Backlog Discovery] feat(backlog): automation-secret-scan-for-generated-diffs

[bestony]

[Backlog Discovery]

• Requirement title: 为自驱变更加入提交前敏感信息扫描与阻断
• Priority: P1
• Requirement file: backlog/20260221050531-automation-secret-scan-for-generated-diffs.md
• Dedupe key: automation-secret-scan-for-generated-diffs
• Source run: https://github.com/bestony/self/actions/runs/22250800157

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[github-actions]

[Reviewer Workflow]
Reviewer: Product Manager

• Acceptance criteria says “all workflows that write to repo” but does not enumerate which workflows are in scope or how to detect “write” steps; this makes coverage hard to verify. Suggest listing the exact workflows (self-upgrade, engineer, backlog-discovery, etc.) and the exact gating point (pre-commit, pre-PR, pre-push) for each.
• The requirement does not specify whether scanning is limited to generated diffs or the entire repo/history, which affects runtime and false-positive risk. Suggest explicitly defining the scan target (e.g., staged changes or generated files only) and the expected performance constraints.