diff --git a/eng/pr-risk-scan.mjs b/eng/pr-risk-scan.mjs
index f96f66db..a1fc4ee0 100644
--- a/eng/pr-risk-scan.mjs
+++ b/eng/pr-risk-scan.mjs
@@ -340,11 +340,22 @@ function main() {
 
     scanSkillScriptPath(relativePath, findings);
 
-    if (!fs.existsSync(absolutePath) || !fs.statSync(absolutePath).isFile()) {
+    if (!fs.existsSync(absolutePath)) {
       skippedFiles.push(relativePath);
       continue;
     }
 
+    const stat = fs.statSync(absolutePath);
+    if (!stat.isFile()) {
+      skippedFiles.push(relativePath);
+      continue;
+    }
+
+    if (stat.size > 1024 * 1024) {
+      skippedFiles.push(`${relativePath} (skipped: file too large)`);
+      continue;
+    }
+
     const contentBuffer = fs.readFileSync(absolutePath);
     if (!isPotentialText(contentBuffer)) {
       skippedFiles.push(relativePath);