一键导入
check-rico-safety
Audit Rico Hunt safety guardrails — rico_safety.py, agent runtime approval mode, and high-impact action protections. Read-only verification.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Audit Rico Hunt safety guardrails — rico_safety.py, agent runtime approval mode, and high-impact action protections. Read-only verification.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Accessibility audit for Rico Hunt. Run contrast checks and review alt text, focus states, ARIA labels, and keyboard navigation in frontend code.
Read-only audit of Rico Hunt AI provider routing. Verify RICO_AI_PROVIDER env var, fallback chain, and provider health without calling live AI APIs.
Verify Rico Hunt authentication rules. Check JWT cookie usage, signup role enforcement, protected route isolation, and no request body user_id.
Verify Rico Hunt chat flow. Inspect public chat session isolation, rate limits, authenticated chat routing, and public session prefixing.
Read-only database health check for Rico Hunt. Verify DATABASE_URL connectivity, key tables, and row counts without exposing user data or mutating anything.
Verify Rico Hunt required environment variables are set without exposing values. Check backend, frontend, and admin/dev env vars.
| name | check-rico-safety |
| description | Audit Rico Hunt safety guardrails — rico_safety.py, agent runtime approval mode, and high-impact action protections. Read-only verification. |
| triggers | ["user","model"] |
| allowed-tools | ["read","grep","exec"] |
Audit Rico Hunt safety guardrails. This skill is read-only and verifies that the production safety rules are in place and not bypassed.
src/rico_safety.py is imported and used by action paths.RICO_REQUIRE_APPROVAL_FOR_APPLICATIONS=true is the default.agent_runtime.handle_action() is the only entry point for apply/save/skip/block/draft/why/remind.applications_repo, jobs_repo, or user_repo directly for actions.admin_guard and do not derive identity from request body user_id.src/rico_safety.py — guardrail functionssrc/agent/runtime.py — action dispatcher, approval mode, idempotencysrc/api/routers/actions.py — how actions are exposedsrc/api/routers/agent.py — natural-language chat actionssrc/api/routers/rico_chat.py — public chat prefixingsrc/api/admin_guard.py — admin route protectionsrc/api/auth.py — signup forces role="user"# Confirm approval constant is enforced
grep -R "RICO_REQUIRE_APPROVAL_FOR_APPLICATIONS" src/
# Confirm actions go through agent_runtime
grep -R "handle_action" src/api/routers/ src/agent/
# Confirm no direct repo mutation from routers
grep -R "applications_repo\.\|jobs_repo\.\|user_repo\." src/api/routers/
# Confirm public chat prefixing
grep -R "public_\|anonymous" src/api/routers/rico_chat.py src/services/chat_service.py
For each check, report:
src/rico_safety.py, src/agent/runtime.py, or any guardrail code as part of this audit.