diagnose-sandbox-report
Installation
SKILL.md
Diagnose Sandbox Report
Overview
Sandbox violations occur when an Nx task reads files not declared as inputs or writes files not declared as outputs.
Unexpected reads are one of:
- Missing input (most likely) — the process legitimately needs this file. Understand what the process does and why the access makes sense, then declare it as an input.
- Potential sandboxing gap (last resort) — the access is irrelevant to correctness and should be filtered/ignored by the sandbox. Only conclude this after exhausting every possibility for it being a missing input.
Unexpected writes follow the same logic:
- Missing output (most likely) — the process legitimately produces this file.
- Potential sandboxing gap (last resort) — same as above.
The default assumption is that an unexpected access IS a missing declaration. The investigation's job is to understand WHY the process accesses the file — not to find reasons it shouldn't.