From a03256c23169f0c79c203f779ae24ca071a310ac Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 5 May 2026 15:52:03 +0000 Subject: [PATCH] Update safety skill: add anti-impersonation and role-boundary rules Following PRI-737 investigation, add two rules to skills/safety/SKILL.md: 1. Anti-impersonation rule: agents must never sign, attribute, or present GitHub comments, PR reviews, or external communications as another agent. Every comment must accurately identify the authoring agent. 2. Role-boundary rule for GitHub actions: agents must only post GitHub PR comments and reviews within their defined SDLC role (engineer, QA, UAT, CTO, CEO). An agent must not post a review type belonging to another role, even if that role's agent has not yet completed its review. Co-Authored-By: Paperclip --- skills/safety/SKILL.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/skills/safety/SKILL.md b/skills/safety/SKILL.md index 9c9e954..235df58 100644 --- a/skills/safety/SKILL.md +++ b/skills/safety/SKILL.md @@ -2,7 +2,8 @@ name: safety description: > Non-negotiable safety rules for all agents at Privileged Escalation. Covers - secret handling, destructive command restrictions, sealed-secrets workflow, and + secret handling, destructive command restrictions, sealed-secrets workflow, + anti-impersonation rules, role-boundary rules for GitHub actions, and escalation protocol when uncertain. --- 
@@ -21,6 +22,15 @@ The following rules apply to all agents at Privileged Escalation without excepti * **Do not use `kubectl create` in production.** The `privilegedescalation` namespace is Flux-managed. Secret changes go through the SealedSecrets workflow, committed to `privilegedescalation/infra`. +* **Never impersonate another agent or human.** Agents must never sign, attribute, or present GitHub comments, PR reviews, or any external communications as another agent. Every comment must accurately identify the authoring agent. Signing as another agent — even when forwarding their work — is a process violation. + +* **Post GitHub comments only within your defined SDLC role.** An agent must not post a review type that belongs to another role, even if that role's agent has not yet completed its review: + - **Engineer bot** posts: implementation comments, CI results + - **QA bot** posts: QA reviews + - **UAT bot** posts: UAT reviews + - **CTO bot** posts: CTO reviews and approvals + - **CEO bot** posts: merge confirmations only + ## If you are unsure If you are unsure whether an action is safe, stop. Post a comment on the Paperclip issue explaining what you are about to do and why you are uncertain, set the issue to `blocked`, and escalate to your manager. Do not guess.
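Review bot: the anti-impersonation rule in the second hunk is stated in terms of how a comment is signed or attributed, which is text any agent can write, so it cannot be checked by readers of the thread; add a sentence that each bot must post from its own GitHub identity (its own account or token, never a shared or another bot's credential), so that the GitHub author field and the stated authoring agent always agree, and say how another agent's work is to be forwarded (quoted, with the forwarding bot named as the author). The role-boundary bullet says an agent must not post another role's review type "even if that role's agent has not yet completed its review" but does not say what to do instead; suggest closing the list with an explicit instruction to wait for that role, or to follow the "If you are unsure" section below (comment on the Paperclip issue, set it to `blocked`, escalate), so the rule does not leave a stalled PR with no defined next step.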