This week's scan
Radar #1
No AI-context risk signal categories detected.
AI ignore files
.claudeignore, .cursorignore, .gitignore
First report · Jun 22–28, 2026 · Published Jun 29, 2026, 10:43 PM UTC
Anonymous counts across all complete scans this week. No repository names are shown.
32 repositories were scanned for AI-context hygiene.
76 AI-context risk signals matched 9 sensitive path categories.
3% of scanned repos use a dedicated AI exclude file (2 types in use).
These are not confirmed leaks.
Radar uses path-level checks to detect files and folders that may become visible to AI coding tools if they are not covered by AI-specific ignore rules.
A risk signal is a file committed to the repository whose path matches a sensitive category (for example .env or *.pem). Counts are file matches at the path level — Radar never opens the files.
31% of scanned repos had AI-context risk signals — mostly secret and signing path categories.
Far fewer repos use a dedicated AI exclude file (3%) than show risk signals (31%). Environment files (.env) and npm credentials (.npmrc) reached the widest share of repos — exclude these paths from AI context first.
Aggregated path pattern counts — not tied to any named repository.
3% of repos use a dedicated AI exclude file
These actually keep matching files out of AI context — and they are still rare.
31% of repos ship an AI context file
Files like AGENTS.md and CLAUDE.md give AI tools project instructions — theyadd context, they do not exclude anything. They are not a substitute for an exclude file.
Patterns covering this week's most widespread categories (Environment files (.env), Certificates and PEM keys (.pem), npm credentials (.npmrc), Private keys (.key)). Add them to a dedicated AI exclude file (for example .cursorignore or.claudeignore) — and to .gitignore so the files are never committed.
.env
.env.*
!.env.example
*.pem
*.key
certs/
.npmrc
secrets/Per-category guidance lives in the risk pattern guides.
| Metric | Radar #1 | Radar #2 |
|---|---|---|
| Repositories scanned | 32 | 100 |
| AI exclude-file coverage | 3% | 2% |
| Repos with risk signals | 31% | 37% |
| AI-context risk signals (absolute) | 76 | 156 |
| Risk signals per scanned repo | 2.4 | 1.6 |
| Top category | Key Files | Key material (.pem, .key) |
Per-repository reports for maintainers who opted in. Fleet counts above stay anonymous; each card below is that repo's own scan.
Radar #1
No AI-context risk signal categories detected.
.claudeignore, .cursorignore, .gitignore
Radar #1
No AI-context risk signal categories detected.
.gitignore
10 of 32 repos this week exposed sensitive paths to AI tools. Check yours in seconds:
Run the same local check with Offsend CLI:
brew install --cask offsend/tap/offsend-cli
offsend show
offsend prepare --dry-runEverything runs locally. No file contents are uploaded.