diff --git a/.github/workflows/repo_health.yml b/.github/workflows/repo_health.yml
index 6165a14..8c24c9d 100644
--- a/.github/workflows/repo_health.yml
+++ b/.github/workflows/repo_health.yml
@@ -36,7 +36,7 @@ env:
 # Scripts governance policy
 # Note: directories listed without a trailing slash.
 SCRIPTS_REQUIRED_DIRS:
- SCRIPTS_ALLOWED_DIRS: scripts,scripts/fix,scripts/lib,scripts/release,scripts/run,scripts/validate
+ SCRIPTS_ALLOWED_DIRS: scripts,scripts/fix,scripts/git,scripts/lib,scripts/release,scripts/run,scripts/validate
 # Repo health policy
 # Files are listed as-is; directories must end with a trailing slash.
diff --git a/docs/QUICK_START.md b/docs/QUICK_START.md
index 00031ff..96a98ed 100644
--- a/docs/QUICK_START.md
+++ b/docs/QUICK_START.md
@@ -348,5 +348,5 @@ make help # Show all commands
 ---
 **Document Version:** 1.0.0
-**Last Updated:** 2026-01-04
+**Last Updated:** 2025-01-04
 **Get Started:** Run `make dev-setup` now!
diff --git a/docs/WORKFLOW_GUIDE.md b/docs/WORKFLOW_GUIDE.md
index b1c9c0c..f39baed 100644
--- a/docs/WORKFLOW_GUIDE.md
+++ b/docs/WORKFLOW_GUIDE.md
@@ -468,5 +468,5 @@ phpcs --standard=phpcs.xml --report=source src/
 ---
 **Document Version:** 1.0.0
-**Last Updated:** 2026-01-04
+**Last Updated:** 2025-01-04
 **Maintained by:** Moko Consulting Engineering
diff --git a/scripts/git/pre-commit.sh b/scripts/git/pre-commit.sh
index 18ed667..673548c 100755
--- a/scripts/git/pre-commit.sh
+++ b/scripts/git/pre-commit.sh
@@ -133,11 +133,12 @@ YAML_FILES=$(echo "$STAGED_FILES" | grep -E '\.(yml|yaml)$' || true)
 if [ -n "$YAML_FILES" ]; then
 while IFS= read -r file; do
 if [ -f "$file" ]; then
- if python3 -c "import yaml; yaml.safe_load(open('$file'))" 2>/dev/null; then
+ # Use printf to safely pass the file path, avoiding injection
+ if python3 -c "import sys, yaml; yaml.safe_load(open(sys.argv[1]))" "$file" 2>/dev/null; then
 log_success "YAML valid: $file"
 else
 log_error "YAML invalid: $file"
- python3 -c "import yaml; yaml.safe_load(open('$file'))" || true
+ python3 -c "import sys, yaml; yaml.safe_load(open(sys.argv[1]))" "$file" || true
 FAILURES=$((FAILURES + 1))
 fi
 fi
@@ -210,11 +211,12 @@ if [ "$SKIP_QUALITY" = false ] && command -v phpcs >/dev/null 2>&1; then
 PHP_FILES=$(echo "$STAGED_FILES" | grep '\.php$' || true)
 if [ -n "$PHP_FILES" ]; then
- if echo "$PHP_FILES" | xargs phpcs --standard=phpcs.xml -q 2>/dev/null; then
+ # Use process substitution to avoid issues with filenames containing spaces
+ if echo "$PHP_FILES" | tr '\n' '\0' | xargs -0 phpcs --standard=phpcs.xml -q 2>/dev/null; then
 log_success "PHPCS passed"
 else
 log_warning "PHPCS found issues (non-blocking)"
- echo "$PHP_FILES" | xargs phpcs --standard=phpcs.xml --report=summary || true
+ echo "$PHP_FILES" | tr '\n' '\0' | xargs -0 phpcs --standard=phpcs.xml --report=summary || true
 fi
 else
 echo " No PHP files to check"
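Review bot: The comment added in the YAML block says printf is used, but the path is actually handed to Python as `sys.argv[1]`; the comment added in the PHPCS hunk has the same mismatch, naming process substitution where the code is a `tr`/`xargs -0` pipeline. Since these comments explain why the safer form matters, they should name the real mechanism: `# Pass the path as argv[1] so it is never interpolated into the Python source` and `# NUL-delimit the list so xargs does not split filenames on spaces or quotes`. The `while` loop in the YAML block continues past the end of its hunk.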
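Review bot: In the PHPCS hunk, `tr '\n' '\0'` runs on a list that is already newline-joined, so it fixes spaces and quotes but cannot undo anything that happened when `STAGED_FILES` was built. That assignment is outside the hunk; if it comes from a git command run without `-z`, paths with unusual characters would presumably arrive C-quoted and not match the files on disk, so emitting NULs at the source would be the complete fix. Independently, `printf '%s\n' "$PHP_FILES"` is a safer feed than `echo` in shells whose `echo` interprets backslash escapes, e.g. `printf '%s\n' "$PHP_FILES" | tr '\n' '\0' | xargs -0 phpcs --standard=phpcs.xml -q`.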