Push Gate Formalised pre-push safety check. Runs before every where the remote is not a local file path. Refuses on secret hits; warns on size/forbidden-file; confirms intent before pushing. Use this skill whenever the user asks to push, or before Claude runs to any remote. Complements (which handles the push itself) — this is the gate that runs immediately before. Hard rules 1. Gitleaks is a required dependency. If not installed, emit the install instructions and refuse. Do not silently fall back to regex-only. 2. Any secret-scanner hit ⇒ refuse. No bypass flag. Force the user to rewrite his…