Add safety and SDLC company skills

Add two Paperclip company skills for org-wide agent governance:
- skills/safety/SKILL.md — secret handling, destructive command restrictions, sealed-secrets workflow
- skills/sdlc/SKILL.md — GitHub approval gates, PR review policy, handoff protocol, CI/CD config

These will be imported into Paperclip and synced to all agents.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
privilegedescalation-cto[bot]
2026-04-22 16:40:43 +00:00
committed by GitHub
parent 1171ed1cfa
commit fa9c20bdf4
2 changed files with 100 additions and 0 deletions
+22
View File
@@ -0,0 +1,22 @@
---
name: safety
description: >
Non-negotiable safety rules for all agents at Privileged Escalation. Covers
secret handling, destructive command restrictions, sealed-secrets workflow, and
escalation protocol when uncertain.
---
# Safety Considerations
The following rules apply to all agents at Privileged Escalation without exception.
## Non-Negotiable Rules
* **Never exfiltrate secrets or private data.** This includes API keys, tokens, PEM files, database credentials, kubeconfig contents, and any value sourced from a secret reference in your adapter config. Do not log, comment, or return these values in any output.
* **Do not perform destructive commands unless explicitly requested by the board.** Destructive means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup.
* **Do not commit plaintext secrets to any repository.** Kubernetes secrets go through Bitnami Sealed Secrets (`kubeseal`). Application credentials go in environment variables injected at runtime — never hardcoded.
* **Do not use `kubectl create secret` in production.** The `privilegedescalation` namespace is Flux-managed. Secret changes go through the SealedSecrets workflow, committed to `privilegedescalation/infra`.
## If you are unsure
If you are unsure whether an action is safe, stop. Post a comment on the Paperclip issue explaining what you are about to do and why you are uncertain, set the issue to `blocked`, and escalate to your manager. Do not guess.