Menu
Centralized list of commands safe for auto-execution without user approval. Single source of truth.
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
| name | skill-safe-commands |
| description | Centralized list of commands safe for auto-execution without user approval. Single source of truth. |
| tier | 0 |
| version | 1.2 |
This skill defines all commands that are SAFE TO AUTO-RUN without user approval.
[!IMPORTANT] This is the single source of truth for Safe Commands. All other skills and prompts should reference this skill instead of duplicating the list.
| Category | Commands | Reason |
|---|---|---|
| Read-only | ls, cat, head, tail, find, grep, rg, fd, tree, wc, echo | Do not modify state |
| Symlink-aware | find -L, ls -L, rg --follow / rg -L, fd -L | Read-only, but follow symlinks into framework dirs (.agent/, .agents/, .cursor/skills/, System/, .agentic-development/). Plain find/ls/rg do not descend into symlinked directories |
| File info | stat, file, du, df | Informational only |
| Git read | git status, git log, git diff, git show, git branch, git remote, git tag | Read-only git operations |
| Archiving | mv docs/TASK.md docs/tasks/..., mv docs/PLAN.md docs/plans/... | Documented, non-destructive moves (TASK/PLAN rotate in lockstep) |
| Directory | mkdir -p docs/tasks, mkdir -p docs/plans, mkdir -p docs/architectures, mkdir -p .agent/skills/* | Idempotent operations |
| Tool calls | generate_task_archive_filename, list_directory, read_file | Native tools |
| Framework scripts | python3 .agent/skills/skill-session-state/scripts/update_state.py, python3 .agent/tools/task_id_tool.py, python3 .agent/skills/skill-creator/scripts/validate_skill.py, python3 .agent/skills/skill-creator/scripts/init_skill.py, python3 System/scripts/doctor.py | Framework automation |
| Testing | python -m pytest ..., npm test, npx jest, cargo test | Tests don't modify source code |
Commands are safe if they match these patterns:
# Read-only filesystem
^(ls|cat|head|tail|find|grep|rg|fd|tree|wc|stat|file|du|df|echo)(?:\s|$)
# Symlink-aware read-only — framework dirs (.agent/, .agents/, System/, .agentic-development/) may be symlinks
^find\s+-L
^ls\s+-[a-zA-Z]*L
^rg\s+(--follow|-L)
^fd\s+-[a-zA-Z]*L
# Git read operations
^git\s+(status|log|diff|show|branch|remote|tag)
# Archiving (specific paths only)
^mv\s+docs/(TASK|PLAN)\.md\s+docs/(tasks|plans)/
# Directory creation (safe paths)
^mkdir\s+-p\s+(docs|\.agent|tests)/
# Python testing
^(python|python3)\s+-m\s+pytest
^cd\s+\.agent/tools\s+&&\s+python
^python3?\s+-c\s+'from\s+scripts\.tool_runner
# Node testing
^npm\s+test
^npx\s+jest
# Framework scripts
^python3\s+\.agent/skills/skill-session-state/scripts/update_state\.py
^python3\s+\.agent/tools/task_id_tool\.py
^python3\s+\.agent/skills/skill-creator/scripts/(validate_skill|init_skill)\.py
^python3\s+System/scripts/doctor\.py
When calling run_command in ANY environment:
SafeToAutoRun: true.SafeToAutoRun: false (require approval).[!IMPORTANT] Symlink-following is the default for framework paths. When listing or searching
.agent/,.agents/,.cursor/skills/,System/, or.agentic-development/, prefer the symlink-aware variants (find -L,ls -L,rg --follow) — a plainfind/ls/rgsilently skips symlinked directories. If a read-only probe returns nothing under a known framework directory, retry it once with symlink-following enabled before treating the path as empty or missing.
Note for Agents: Do NOT create configuration files (like
.cursorrulesorAGENTS.md) automatically. These are user-managed files.
Cursor Users:
.cursorrules or AGENTS.md file to enable auto-approval.Antigravity Users:
ls,cat,head,tail,find,find -L,ls -L,grep,rg,rg --follow,fd,fd -L,tree,wc,stat,file,du,df,git status,git log,git diff,git show,git branch,git remote,git tag,mv docs/TASK.md,mv docs/PLAN.md,mkdir -p docs,mkdir -p .agent,mkdir -p tests,python -m pytest,python3 -m pytest,npm test,npx jest,cargo testIf the IDE still requests approval for commands listed here:
SafeToAutoRun: true in the tool call. If the Agent sets it to false, the IDE must ask for approval regardless of the Allow List.mv docs/TASK.md works but mv docs/TASK.md docs/tasks/foo.md fails, check if the IDE supports regex/glob patterns or try shortening the allowed rule (e.g., mv only) if security policy permits.Instead of duplicating Safe Commands lists, use:
## Safe Commands
See `skill-safe-commands` for the authoritative list of commands safe for auto-execution.
skill-archive-task — archiving commandsartifact-management — file operationsdeveloper-guidelines — test commandsUse when decomposing tasks into parallel sub-tasks or spawning sub-agents. Vendor-agnostic core; load a per-vendor reference for concrete tool names, directory conventions, and invocation syntax.
Use when performing Verification-Driven Development with adversarial approach. Actively challenge assumptions and find weak spots.
Use when performing VDD adversarial review with an opt-in sarcastic, provocative delivery style — a stylistic skin over vdd-adversarial mechanics (exhaustive reporting + objective bar).
Performance critic in adversarial style (optional sarcastic skin). Part of VDD Multi-Adversarial pipeline.
Use when performing OWASP security critique in adversarial style (optional sarcastic skin). Part of VDD Multi-Adversarial pipeline.
Use when performing security vulnerability assessment (OWASP, secrets, dependencies, IaC, LLM, API, MCP/agentic) or when "thinking like a hacker" to find exploits.