skill-safe-commands
Centralized list of commands safe for auto-execution without user approval. Single source of truth.
| name | skill-safe-commands |
| description | Centralized list of commands safe for auto-execution without user approval. Single source of truth. |
| tier | 0 |
| version | 1.2 |
This skill defines all commands that are SAFE TO AUTO-RUN without user approval.
> [!IMPORTANT]
> This is the single source of truth for Safe Commands. All other skills and prompts should reference this skill instead of duplicating the list.
| Category | Commands | Reason |
|---|---|---|
| Read-only | ls, cat, head, tail, find, grep, rg, fd, tree, wc, echo | Do not modify state |
| Symlink-aware | find -L, ls -L, rg --follow / rg -L, fd -L | Read-only, but follow symlinks into framework dirs (.agent/, .agents/, .cursor/skills/, System/, .agentic-development/). Plain find/ls/rg do not descend into symlinked directories |
| File info | stat, file, du, df | Informational only |
| Git read | git status, git log, git diff, git show, git branch, git remote, git tag | Read-only git operations |
| Archiving | mv docs/TASK.md docs/tasks/..., mv docs/PLAN.md docs/plans/... | Documented, non-destructive moves (TASK/PLAN rotate in lockstep) |
| Directory | mkdir -p docs/tasks, mkdir -p docs/plans, mkdir -p docs/architectures, mkdir -p .agent/skills/* | Idempotent operations |
| Tool calls | generate_task_archive_filename, list_directory, read_file | Native tools |
| Framework scripts | python3 .agent/skills/skill-session-state/scripts/update_state.py, python3 .agent/tools/task_id_tool.py, python3 .agent/skills/skill-creator/scripts/validate_skill.py, python3 .agent/skills/skill-creator/scripts/init_skill.py, python3 System/scripts/doctor.py | Framework automation |
| Testing | python -m pytest ..., npm test, npx jest, cargo test | Tests don't modify source code |
Commands are safe if they match these patterns:
```regex
# Read-only filesystem
^(ls|cat|head|tail|find|grep|rg|fd|tree|wc|stat|file|du|df|echo)(?:\s|$)
# Symlink-aware read-only — framework dirs (.agent/, .agents/, System/, .agentic-development/) may be symlinks
^find\s+-L
^ls\s+-[a-zA-Z]*L
^rg\s+(--follow|-L)
^fd\s+-[a-zA-Z]*L
# Git read operations
^git\s+(status|log|diff|show|branch|remote|tag)
# Archiving (specific paths only)
^mv\s+docs/(TASK|PLAN)\.md\s+docs/(tasks|plans)/
# Directory creation (safe paths)
^mkdir\s+-p\s+(docs|\.agent|tests)/
# Python testing
^(python|python3)\s+-m\s+pytest
^cd\s+\.agent/tools\s+&&\s+python
^python3?\s+-c\s+'from\s+scripts\.tool_runner
# Node testing
^npm\s+test
^npx\s+jest
# Framework scripts
^python3\s+\.agent/skills/skill-session-state/scripts/update_state\.py
^python3\s+\.agent/tools/task_id_tool\.py
^python3\s+\.agent/skills/skill-creator/scripts/(validate_skill|init_skill)\.py
^python3\s+System/scripts/doctor\.py
```
When calling run_command in ANY environment:
- `SafeToAutoRun: true`.
- `SafeToAutoRun: false` (require approval).

> [!IMPORTANT]
> Symlink-following is the default for framework paths. When listing or searching `.agent/`, `.agents/`, `.cursor/skills/`, `System/`, or `.agentic-development/`, prefer the symlink-aware variants (`find -L`, `ls -L`, `rg --follow`) — a plain `find`/`ls`/`rg` silently skips symlinked directories. If a read-only probe returns nothing under a known framework directory, retry it once with symlink-following enabled before treating the path as empty or missing.

> Note for Agents: Do NOT create configuration files (like `.cursorrules` or `AGENTS.md`) automatically. These are user-managed files.
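One way to apply the pattern list when setting `SafeToAutoRun`, as an added example (not the skill's own code): the patterns are anchored only at the start of the command, so this version also sends anything containing shell control syntax or a mutating `find`/`git` option to approval. The guard sets, function names and sample commands are assumptions; the page's `cd .agent/tools && python` rule is left out because the `&` guard would need an explicit exemption for it.

```python
import re

# Subset of the page's patterns, copied verbatim from the list above.
SAFE_PATTERNS = [re.compile(p) for p in (
    r"^(ls|cat|head|tail|find|grep|rg|fd|tree|wc|stat|file|du|df|echo)(?:\s|$)",
    r"^git\s+(status|log|diff|show|branch|remote|tag)",
    r"^mv\s+docs/(TASK|PLAN)\.md\s+docs/(tasks|plans)/",
    r"^(python|python3)\s+-m\s+pytest",
    r"^npm\s+test",
)]

# Everything below is this example's assumption, not part of the skill.
# Chaining, redirection and substitution syntax. Quoted occurrences also
# trip it, so the check fails closed (approval is requested).
SHELL_CONTROL = re.compile(r"[;&|<>`\n]|\$\(")
# find actions that delete, execute or write files.
FIND_ACTIONS = re.compile(r"\s-(delete|exec(dir)?|ok(dir)?|fprint\w*|fls)\b")
# git subcommands that only list when given nothing but listing flags.
GIT_LISTING = {"branch", "tag", "remote"}
GIT_LIST_FLAGS = {"-a", "-r", "-v", "-vv", "--list"}


def matches_page_patterns(command: str) -> bool:
    """Prefix match only, exactly as the pattern list is written."""
    return any(p.search(command.strip()) for p in SAFE_PATTERNS)


def safe_to_auto_run(command: str) -> bool:
    """Value for SafeToAutoRun: pattern match plus the extra guards."""
    cmd = command.strip()
    if not matches_page_patterns(cmd) or SHELL_CONTROL.search(cmd):
        return False
    tokens = cmd.split()
    if tokens[0] == "find" and FIND_ACTIONS.search(cmd):
        return False
    if tokens[0] == "git" and tokens[1] in GIT_LISTING:
        return set(tokens[2:]) <= GIT_LIST_FLAGS
    return True


def audit(commands):
    """Commands the prefix patterns accept but the guards send to approval."""
    return [c for c in commands
            if matches_page_patterns(c) and not safe_to_auto_run(c)]


# Constructed sample commands (not from the page).
SAMPLES = ["ls -la docs", "git log --oneline -5", "git branch -a",
           "python3 -m pytest tests/ -q", "mv docs/TASK.md docs/tasks/task-001.md",
           "echo done > docs/TASK.md", "cat README.md && npm install",
           "find . -name '*.tmp' -delete", "git branch -D feature"]
```

`audit(SAMPLES)` returns the commands where a prefix-only match and the guarded decision disagree, which is the set worth reviewing before widening an IDE allow list.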
Cursor Users:

- `.cursorrules` or `AGENTS.md` file to enable auto-approval.

Antigravity Users:

```text
ls,cat,head,tail,find,find -L,ls -L,grep,rg,rg --follow,fd,fd -L,tree,wc,stat,file,du,df,git status,git log,git diff,git show,git branch,git remote,git tag,mv docs/TASK.md,mv docs/PLAN.md,mkdir -p docs,mkdir -p .agent,mkdir -p tests,python -m pytest,python3 -m pytest,npm test,npx jest,cargo test
```

If the IDE still requests approval for commands listed here:

- `SafeToAutoRun: true` in the tool call. If the Agent sets it to `false`, the IDE must ask for approval regardless of the Allow List.
- `mv docs/TASK.md` works but `mv docs/TASK.md docs/tasks/foo.md` fails, check if the IDE supports regex/glob patterns or try shortening the allowed rule (e.g., `mv` only) if security policy permits.

Instead of duplicating Safe Commands lists, use:
```markdown
## Safe Commands
See `skill-safe-commands` for the authoritative list of commands safe for auto-execution.
```

- skill-archive-task — archiving commands
- artifact-management — file operations
- developer-guidelines — test commands