diff --git a/scripts/secret-scan-repo.sh b/scripts/secret-scan-repo.sh
index efb9a5e..7da241e 100755
--- a/scripts/secret-scan-repo.sh
+++ b/scripts/secret-scan-repo.sh
@@ -21,9 +21,9 @@ check() {
 local pattern="$2"
 # -l prints only filenames (no secret material in output)
- if git grep -l -E "${pattern}" -- . >/dev/null 2>&1; then
+ if git grep -l -E "${pattern}" -- . ':!*.example' ':!*.example.*' >/dev/null 2>&1; then
 echo "✗ ${name}: potential matches found in:"
- git grep -l -E "${pattern}" -- . | sed 's/^/ - /'
+ git grep -l -E "${pattern}" -- . ':!*.example' ':!*.example.*' | sed 's/^/ - /'
 echo
 fail=1
 fi
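Review bot: The new exclusions `':!*.example'` and `':!*.example.*'` in both `git grep` calls turn a file name into a scan exemption, so a real credential committed to any matching path is never reported. Without `glob` magic, `*` in a git pathspec also matches `/`, so `*.example.*` covers constructed names such as `www.example.com.key` or anything under a `foo.example.d/` directory, which is much broader than template files. I would exclude an explicit list of the known templates instead, e.g. `':(exclude)<path/to/template.example>'`, or at least anchor to the file name with `':(exclude,glob)**/*.example'` and drop the `*.example.*` form. The pathspecs are also repeated in both calls; defining them once in `check()` keeps the test and the listing from drifting apart. The body of `check()` starts outside the hunk.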