framework-development

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust 'Phase 0 — Path self-check' which mandates that the agent verify target file paths against an ALLOWED table (framework infrastructure) and a FORBIDDEN table (credentials, per-ticket tests, environment variables) before proceeding with any modifications.
  • [SAFE]: Explicitly excludes sensitive files like .env and credential directories from AI-driven modification, categorizing them as manual-edit only.
  • [SAFE]: Orchestration logic uses clear boundary markers and a fresh context strategy for each subagent phase, reducing the risk of prompt leakage or unintended instruction persistence across tasks.
  • [SAFE]: Command execution is limited to standard local project maintenance scripts (e.g., bun run test, bun run lint:check, bun run types:check) as part of the verification phase.
  • [SAFE]: Architecture rules in references/kata-invariants.md enforce secure coding practices such as masking sensitive parameter names in trace outputs and preventing direct imports from sensitive generated artifacts.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 07:51 PM
Security Audit — agent-trust-hub — framework-development