Description
This updates three existing organizer skills so file moves, invoice organization, and Slack delivery require approval of the concrete plan before execution.
Real-world use case
These skills automate personal files and private development reports. That is useful, but the side effects are real: files can be moved or renamed, originals can disappear from their old location, and a report can leave the local machine via Slack.
Problem it solves
The fragile pattern is:
- Present a broad organization or delivery plan.
- Treat a generic "yes" as approval for many concrete operations.
- Use commands that can overwrite or move originals.
For example, file-organizer previously showed:
mv "old/path/file.pdf" "new/path/file.pdf"
If the destination already exists, that is not the same operation the user reviewed in the plan. The patch switches examples to no-clobber operations and requires logging before execution.
Who uses this workflow
- Users cleaning large folders such as Downloads or Desktop.
- Users preparing invoices and receipts for taxes or reimbursement.
- Users sending a private developer-growth report to their own Slack DM.
Changes
file-organizer/SKILL.md
- require approval in a new user message before execution
- use `mv -n`
- log moves before executing
- require a separate delete confirmation
invoice-organizer/SKILL.md
- make copy-only the default
- use `cp -n`
- allow moves only when explicitly requested
developer-growth-analysis/SKILL.md
- show Slack workspace/user target before delivery
- do not start Slack auth during delivery without a separate request
- redact secrets and private project/customer details unless explicitly included by the user
Testing
Checked locally after patch:
git diff --check origin/master..HEAD
git diff --stat origin/master..HEAD
rg -n "approval in a new user message|mv -n|cp -n|Slack workspace/user|Do not start Slack auth|Redact secrets" \
file-organizer/SKILL.md invoice-organizer/SKILL.md developer-growth-analysis/SKILL.md
Observed output:
$ git diff --check origin/master..HEAD
# no output
$ git diff --stat origin/master..HEAD
developer-growth-analysis/SKILL.md | 6 ++++--
file-organizer/SKILL.md | 12 ++++++------
invoice-organizer/SKILL.md | 9 ++++-----
3 files changed, 14 insertions(+), 13 deletions(-)
$ rg -n "approval in a new user message|mv -n|cp -n|Slack workspace/user|Do not start Slack auth|Redact secrets" \
file-organizer/SKILL.md invoice-organizer/SKILL.md developer-growth-analysis/SKILL.md
invoice-organizer/SKILL.md:195: After approval in a new user message:
invoice-organizer/SKILL.md:201: cp -n "original.pdf" "Invoices/2024/Software/Adobe/2024-03-15 Adobe - Invoice - Creative Cloud.pdf"
file-organizer/SKILL.md:199: After approval in a new user message, organize systematically:
file-organizer/SKILL.md:206: mv -n "old/path/file.pdf" "new/path/file.pdf"
file-organizer/SKILL.md:215: - Use `mv -n` or equivalent no-clobber behavior; never overwrite silently
developer-growth-analysis/SKILL.md:197: - Before sending, show the resolved Slack workspace/user and a short report preview; redact secrets and private project/customer details unless explicitly included
Behavior proof trace
I ran this against the patched checkout on branch skill-safety-gates, commit a46ba1b. The trace uses the repo's validation/package scripts plus temporary mock folders. It does not touch real user files and does not start Slack auth or send anything.
Native validation:
$ python3 skill-creator/scripts/quick_validate.py file-organizer
Skill is valid!
$ python3 skill-creator/scripts/quick_validate.py invoice-organizer
Skill is valid!
$ python3 skill-creator/scripts/quick_validate.py developer-growth-analysis
Skill is valid!
$ python3 skill-creator/scripts/package_skill.py file-organizer "$TMP/packages"
Added: file-organizer/SKILL.md
Successfully packaged skill to: .../file-organizer.zip
$ python3 skill-creator/scripts/package_skill.py invoice-organizer "$TMP/packages"
Added: invoice-organizer/SKILL.md
Successfully packaged skill to: .../invoice-organizer.zip
$ python3 skill-creator/scripts/package_skill.py developer-growth-analysis "$TMP/packages"
Added: developer-growth-analysis/SKILL.md
Successfully packaged skill to: .../developer-growth-analysis.zip
Loaded patched guard lines:
LOADED file-organizer/SKILL.md
MATCH file-organizer/SKILL.md:199: approval in a new user message
MATCH file-organizer/SKILL.md:206: mv -n
MATCH file-organizer/SKILL.md:215: Use `mv -n` or equivalent no-clobber behavior
LOADED invoice-organizer/SKILL.md
MATCH invoice-organizer/SKILL.md:195: After approval in a new user message
MATCH invoice-organizer/SKILL.md:200: Copy (don't move) to preserve originals
MATCH invoice-organizer/SKILL.md:201: cp -n
MATCH invoice-organizer/SKILL.md:203: Only move if the user explicitly requested moving originals
LOADED developer-growth-analysis/SKILL.md
MATCH developer-growth-analysis/SKILL.md:197: Before sending, show the resolved Slack workspace/user
MATCH developer-growth-analysis/SKILL.md:196: ask the user before starting Slack auth
MATCH developer-growth-analysis/SKILL.md:197: redact secrets and private project/customer details
file-organizer rehearsal:
Prompt before mutation: No deletions. No overwrite. Ready to proceed? (yes/no/modify)
Before approval tree changed: False
After approved mv -n:
70d35f763103331c6a12c66a8f13777721149c351a9089c5eca7fc30ab451011 Inbox/photo.png
99acd61509778379d99fbece470042da3336ddc87bc201be8b3efffb05286761 Inbox/report.pdf
948c3740b3e1bfde36d2a1b2a5658d0ed1680d8622e7ccd67d3426d03a5969a4 Organized/Documents/report.pdf
5351164e67b4bbd6bf58dee06df89f20df5858c934f220f9155bcd3d6e997d80 Organized/Images/photo.png
Existing report preserved: True
Conflicting report source still present: True
invoice-organizer rehearsal:
Prompt before mutation: Default action after approval: copy with cp -n, preserve originals, no overwrite. Process 2 files? (yes/no)
Before approval tree changed: False
After approved cp -n:
ce0e7b5579bab12f1f6805a34d99e58312366333d8df7bab75415b89140c9075 Invoices/2026/Office/Staples/2026-05-02 Staples - Receipt - Office Supplies.jpg
1ec43dfefa0b74a1a562be6b6d9f9333e1d79b247fe3f6d98d0178d574b49943 Invoices/2026/Software/Adobe/2026-05-01 Adobe - Invoice - Creative Cloud.pdf
ce0e7b5579bab12f1f6805a34d99e58312366333d8df7bab75415b89140c9075 receipts-to-sort/IMG_1001.jpg
ed7969e5f8f9ceb1ba916eaed21e69614569899566d13c5bc1f112dc3716b68b receipts-to-sort/adobe_may.pdf
Original Adobe remains: True
Preexisting Adobe destination preserved: True
New Staples copy created: True
developer-growth-analysis:
Resolved Slack preview: workspace="Dry Run Engineering Workspace"; user="@hanzhi"; delivery="DM to self"; auth_status="not checked in dry run".
Report preview: Recent work focused on TypeScript async debugging and cautious shell automation; private tokens/customer names redacted.
Stop point: awaiting explicit user approval before Slack auth or send.
Command and external mutation logs:
Command log:
mv -n .../file-organizer/Inbox/report.pdf .../file-organizer/Organized/Documents/report.pdf
mv -n .../file-organizer/Inbox/photo.png .../file-organizer/Organized/Images/photo.png
cp -n .../invoice-organizer/receipts-to-sort/adobe_may.pdf .../invoice-organizer/Invoices/2026/Software/Adobe/2026-05-01 Adobe - Invoice - Creative Cloud.pdf
cp -n .../invoice-organizer/receipts-to-sort/IMG_1001.jpg .../invoice-organizer/Invoices/2026/Office/Staples/2026-05-02 Staples - Receipt - Office Supplies.jpg
External/mutation log:
<empty>
PASS: validator and packaging completed; temp-only mv -n/cp -n preserved existing destinations; no delete, overwrite, Slack auth, Rube, network, or Slack send command was executed.
Risks
- These skills operate on local files and private delivery targets. If approval is not tied to the concrete plan, an agent can move the wrong file set, overwrite or hide useful originals, or send a private report to the wrong Slack workspace/user.
- This PR is instruction-level hardening, not runtime enforcement. Direct shell/Rube calls or agents that ignore the skill text can still perform the underlying operation.
- No-clobber examples reduce overwrite risk, but skipped operations still require review through the move/copy log so conflicts are handled intentionally.
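The log-before-execute and no-clobber rules above leave one gap: a skipped `mv -n` is silent unless something records it. The following is an added example, not code from this PR or from the skills; the function names, return codes and tab-separated log format are assumptions made for illustration. It logs each concrete move before running it and reports every skipped conflict for review.

```sh
#!/bin/sh
# Added example. Function names, return codes and the tab-separated log
# format are assumptions made here, not part of the skills.

log_op() {  # log_op LOGFILE STATUS SRC DST
    printf '%s\t%s\t%s\n' "$2" "$3" "$4" >> "$1"
}

# move_no_clobber LOGFILE SRC DST
# Returns 0 = moved, 3 = skipped because DST exists, 1 = failed.
move_no_clobber() {
    log=$1; src=$2; dst=$3
    # Record the concrete operation before anything is touched.
    log_op "$log" PLANNED "$src" "$dst"
    if [ ! -e "$src" ]; then
        log_op "$log" FAILED "$src" "$dst"; return 1
    fi
    # An existing destination (file, directory or symlink) is a conflict.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        log_op "$log" SKIPPED_EXISTS "$src" "$dst"; return 3
    fi
    mkdir -p "$(dirname "$dst")" || { log_op "$log" FAILED "$src" "$dst"; return 1; }
    # mv -n remains the guard if DST appears between the check and the move.
    # Its exit status on a skip varies between mv versions, so judge by end state.
    mv -n -- "$src" "$dst" 2>/dev/null || true
    if [ ! -e "$src" ] && [ -e "$dst" ]; then
        log_op "$log" MOVED "$src" "$dst"; return 0
    elif [ -e "$dst" ]; then
        log_op "$log" SKIPPED_EXISTS "$src" "$dst"; return 3
    fi
    log_op "$log" FAILED "$src" "$dst"; return 1
}

# list_conflicts LOGFILE: print skipped operations for user review.
list_conflicts() {
    awk -F'\t' '$1 == "SKIPPED_EXISTS" { print $2 " -> " $3 }' "$1"
}

# Constructed demo tree, mirroring the Inbox/Organized layout in the trace.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Inbox" "$d/Organized/Documents"
    echo new > "$d/Inbox/report.pdf"; echo img > "$d/Inbox/photo.png"
    echo old > "$d/Organized/Documents/report.pdf"
    move_no_clobber "$d/ops.log" "$d/Inbox/photo.png" "$d/Organized/Images/photo.png" || true
    move_no_clobber "$d/ops.log" "$d/Inbox/report.pdf" "$d/Organized/Documents/report.pdf" || true
    echo "Conflicts needing review:"; list_conflicts "$d/ops.log"
    rm -rf "$d"
}
demo
```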