ワンクリックで
command-execution
Use when executing any bash command, CLI tool, or shell operation
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Use when executing any bash command, CLI tool, or shell operation
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Use when constructing or interpreting the approval handoff envelope between subagent and orchestrator -- sealed_payload schema, approval_id format, APPROVAL_REQUEST contract shape, and reading a granted approval from the DB
Use when producing any agent response
Use when classifying any operation before executing it, or deciding whether user approval is required
Use when a mutative command was blocked by the hook and you need to request user approval, or when presenting a plan for a T3 operation before executing it
Use when the user wants to build, design, or extend a diagram — an architecture overview, a timeline, a planner board, a flow diagram, a presentation, a comparison, or a mind-map — as a portable, data-driven deck rendered from plain YAML. Triggers — "build a diagram", "architecture diagram", "diagram deck", "timeline", "flow diagram", "planner board", "add a page/section/component to the diagram".
Use when the user wants something to run routinely / on a schedule rather than once now -- "tarea programada", "rutinariamente", "cada mañana", "cada N horas", "todas las noches", "schedule", "cron". Covers mounting, structuring, and running an unattended headless task that reports back, plus consuming its reports. NOT for a live in-session agentic loop (that is agentic-loop).
| name | command-execution |
| description | Use when executing any bash command, CLI tool, or shell operation |
| metadata | {"user-invocable":false,"type":"discipline"} |
ONE COMMAND. ONE RESULT. ONE EXIT CODE.
Reach for the native flag before the pipe; the file tool before the shell.
The runtime hard-blocks pipes, redirects, and chaining for cloud CLIs (gcloud kubectl aws terraform helm flux) and blocks redirects and background & for every command — but the discipline applies to everything you run, not only what the hook catches.
When you reach for a pipe, you have not looked for the flag yet.
CLIs have --format, --filter, --limit flags that do what pipes
do — without hiding exit codes or triggering extra permission prompts.
When you want to chain with &&, stop. Run one command, verify the
exit code, then run the next. Two verified commands beat one fragile chain.
For file I/O, always use Claude Code tools over Bash:
| Bash | Claude Code tool |
|---|---|
cat, head, tail | Read |
echo >, heredocs | Write |
sed -i, awk | Edit |
grep -r, rg | Grep |
find | Glob |
The agent cwd resets between Bash calls, so a relative path resolves against an unknown directory — pass absolute paths or the CLI's -chdir.
&& or ;.
2b. No indirect-execution wrappers — no bash -c, sh -c, eval, or similar. They hide the real command inside a string, which the classifier cannot see and which trips the runtime's indirect-execution guardrail (an "ask" dialog even for commands that would otherwise pass). Run the discrete command directly, or put multi-step logic in a committed script file and invoke it directly (python3 script.py, ./script.sh) instead of wrapping it in an interpreter's -c/-e flag.
2c. No fabricated .claude/ fixtures — never hand-roll .claude/ directories or files to simulate install/sandbox behavior (e.g. mkdir fake-sandbox/.claude). .claude/ paths are protected by a native sensitive-path guard, so a fabricated fixture both trips that guard and is not a faithful reproduction. To exercise install/sandbox behavior, run the real tooling (bin/validate-sandbox.sh) under proper isolation — an ephemeral temp workspace with GAIA_DATA_DIR=<tmp> — never a substitute you construct by hand. If the real tooling is T3-gated, request approval (APPROVAL_REQUEST) rather than dodging it with a fabricated fixture.${VAR} with spaces becomes multiple arguments.>/>> and trailing & are the part the runtime enforces on every command; redirects bypass the Write tool, & hides the exit code.| If you're thinking... | The reality is... |
|---|---|
| "I'll pipe to filter / parse / it's read-only so it's safe" | The flag exists: --filter, --format, -o jsonpath. A pipe hides the exit code regardless of intent |
| "I'll chain with && for efficiency" | Chaining collapses two exit codes into one — run separately and verify each |
| "I'll wrap this in bash -c / eval to run it in one call" | Wrapping hides the real command from the classifier and trips the indirect-execution guardrail — run it as a discrete command or a script file instead |
"I'll just mkdir a fake .claude/ to simulate the sandbox" | .claude/ is a protected path — a hand-rolled fixture trips the sensitive-path guard and isn't a faithful repro; run bin/validate-sandbox.sh under isolation (temp workspace + GAIA_DATA_DIR) instead |
| "Let me cat/head this file (or use a heredoc)" | File I/O is a tool, not a shell call — use Read/Write; heredocs also break in batch |
| "Let me cd first, then run" | The cwd resets between calls — use an absolute path or -chdir |
| "Redirect output to a file / run it in background" | Redirect and & are the universal wall — use the Write tool; & hides the exit code, blocked for every command |
kubectl get pods | grep Error → use -l label selectors or --field-selectorcd dir && terraform plan → terraform -chdir=/absolute/path plancat file | wc -l → Read toolbash -c "mv a b" → run mv a b directly, or put it in a script file and invoke thatmkdir fake-sandbox/.claude to simulate validate-sandbox.sh → run the real script under a temp workspace with GAIA_DATA_DIR setEnforced at runtime by validate_cloud_pipe (cloud_pipe_validator.py): pipes/redirects/chaining are blocked for cloud CLIs; redirects and background & are blocked for every command. A quoted git commit -m "$(cat <<'EOF' …)" passes because the body is quote-stripped before scanning and git is non-cloud — not a special case. See reference.md for mutation rules and cloud examples.